HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

122,000 Providence Health Plan Members Impacted by Dominion National Data Breach

In July 2019, Dominion National, an insurer and administrator of dental and vision benefits, announced the discovery of a major data breach that impacted around 2.9 million health plan members. Hackers had gained access to Dominion National servers in 2010. The breach was detected on April 24, 2019.

Providence Health Plan has recently announced the breach at Dominion National affected 122,000 of its plan members. Virginia-based Dominion National administers Providence Health Plan’s dental program in Oregon, and as such, had access to plan members’ protected health information (PHI), including names, addresses, dates of birth, insurance information, and Social Security numbers.

Dominion National started administering the health plan’s dental program in 2015. The breach was therefore limited to customers who participated in the dental program between 2015 and 2019.

Affected Providence Health Plan members were notified by Dominion National in August and have been offered two years of complimentary credit monitoring and identity theft protection services.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Laptop Theft from Business Associate Affects 7,358 Connally Memorial Medical Center Patients

Wilson County Memorial Hospital District is notifying 7,358 patients of Connally Memorial Medical Center in Floresville, Texas that some of their personal and health information has been exposed.

Patient information was stored on a laptop computer used by a business associate of the medical center. The laptop was stolen on April 23, 2019.

The unnamed business associate conducted a forensic analysis to determine what, if any, PHI was stored on the device. That analysis revealed a limited amount of PHI was stored in the memory of the laptop, which could possibly have been accessed by unauthorized individuals.

The majority of affected individuals only had their first and last name, date of birth, gender, ethnicity, specialty referral information, and an internal tracking number exposed. A smaller set of patients had their full name, diagnosis, reason for transfer, and transfer date exposed, along with the name of the hospital to where that individual was transferred.

The breach has prompted the medical center to update its business associate agreements to state that all business associates must now use encryption on laptops used to store or access patient information. No financial information or Social Security numbers were exposed, but out of an abundance of caution, affected individuals have been offered complimentary credit monitoring services for 12 months.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.