HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Security Incidents Reported by HealthPlex and Optima Dermatology

Healthplex Inc., one of the largest providers of dental insurance in New York state, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Upon discovery of the breach, the email account was immediately secured to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach.

On April 5, 2021, Healthplex confirmed that the email account contained the personal and protected health information of 89,955 individuals who had previously enrolled in its dental plans. The exposed information varied from individual to individual and may have included first and last names in combination with one or more of the following data types:

Address, group name and number, member ID number, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card number, username and password for the member portal, email address, phone number, and driver’s license number.

Healthplex said notification letters were sent to affected individuals on April 15, 2022, who have been offered complimentary identity theft protection services through Lifelock. Steps have also been taken to improve the security of its email environment to prevent similar breaches in the future.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Optima Dermatology Email Breach Affects Almost 60,000 Patients

Optima Dermatology Holdings has announced it has experienced an email security incident that resulted in the exposure of the protected health information of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.

Optima Dermatology did not disclose when the email security breach was discovered but said that after an extensive forensic investigation it was determined on February 17, 2022, that the breach was limited to a single email account, which was accessed by an unauthorized individual between August 30, 2021, and September 2, 2021.

A review of the email account revealed it contained the protected health information of 59,872 individuals, such as full names, birth dates, medical treatment and/or conditions information, health insurance claims and/or application information, health insurance policy and/or subscriber numbers, and medical record numbers. No evidence was found to indicate Social Security numbers, driver’s license numbers, or financial account/payment card information were exposed or compromised.

Optima Dermatology said notification letters were sent to the 59,872 affected individuals on April 18, 2022, and additional safeguards have been implemented to prevent further attacks.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.