Data Breach Impacts Almost 14,000 Family Members of Subscribers

The Special Agents Mutual Benefit Association (SAMBA) health plan is alerting almost 14,000 individuals about a February 2018 breach of protected health information.

The breach affects eligible family members of subscribers who were covered by the Federal Employees Health Benefits Plan in 2017.

It is an Internal Revenue Service (IRS) requirement for SAMBA to mail a copy of Form 1095-B to all plan subscribers each tax year. The form supports plan members’ and covered family members’ compliance with the Affordable Care Act’s individual mandate.

The forms for the 2017 tax year were mailed on or soon after February 19, 2018; however, a programming error resulted in the forms being populated with information relating to other subscribers’ family members.

Instead of detailing the subscribers’ family members covered by their health plan, the forms included the names and Social Security numbers of other subscribers’ family members and the dates of health insurance coverage in 2017.  The forms were also incorrectly dated 2016.

SAMBA notes that no subscribers’ Social Security numbers were disclosed. The breach was restricted to subscribers’ family members. An investigation into the error revealed the incorrect mailing affected 13,942 individuals.

The error was detected on February 22, 2018, and a second mailing was sent with the correct tax year and family members’ details on the forms. Notification letters have also been sent to family members impacted by the breach, and subscribers who received an incorrect copy of Form 1095-B have also been notified and instructed to destroy the 2016 version of the form.

SAMBA has not received any reports to suggest the impermissibly disclosed information has been misused in any way; however, as a precaution against identity theft, all affected individuals have been advised to exercise caution and obtain credit reports and check them and their Explanation of Benefits statements carefully for any sign of fraud.

“We are taking steps to prevent any future data incident, and as always will continue to review and improve our processes, policies, and procedures that address data privacy,” said SAMBA’s Executive Director, Walter E. Wilson.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.