PHI of Anthem Members and Advocate Aurora Health Patients Potentially Compromised
Anthem Inc. has alerted 2,003 members that some of their protected health information has potentially been viewed or obtained by an unauthorized individual who gained access to the network of one of its business associates.
Anthem works with the Atlanta, GA-based insurance broker OneDigital, which provides support for individuals enrolled in group health plans to help them procure and manage their health insurance. OneDigital had been provided with the protected health information of certain members to assist them or their current or former employer to obtain and manage their health insurance plan.
On November 24, 2021, Anthem was notified by OneDigital about a network server hacking incident that occurred in January 2021. Anthem said the investigation into the breach did not uncover any direct evidence of unauthorized viewing or theft of protected health information, but those activities could not be ruled out.
The types of data stored on the compromised systems included names, addresses, dates of birth, healthcare provider names, health insurance numbers, group numbers, dates and types of health care services, medical record numbers, lab test results, prescription information, payment information, claims information, Social Security numbers, and driver’s license numbers.
Affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. Anthem said it is working with OneDigital to reduce the risk of similar breaches occurring in the future.
Billing Error Results in Exposure of the PHI of More Than 1,700 Advocate Aurora Health Patients
The Illinois-based 26-hospital health system, Advocate Aurora Health, has notified more than 1,700 patients that some of their protected health information has potentially been compromised.
On or around July 29, 2021, billing statements were prepared and mailed to patients, but they failed to reach their destination. The statements contained a limited amount of protected health information, such as patients’ names, dates of service, the types of services provided, the name of the healthcare provider they visited, and visit account numbers.
Advocate Aurora Health discovered the billing error on October 29, 2021. The subsequent investigation revealed there had been an accidental change to its billing software that went unnoticed, which resulted in statements being mailed to the wrong address. Advocate Aurora Health said it has not received any reports of attempted or actual misuse of any patient data as a result of the incident, but patients have been notified by mail as a precaution and have been offered complimentary credit monitoring services.
Advocate Aurora Health said it is making changes to its internal processes and technology to prevent similar breaches in the future. The breach was reported to the HHS’ Office for Civil Rights as affecting 1,729 individuals.