HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI of Anthem Members and Advocate Aurora Health Patients Potentially Compromised

Anthem Inc. has alerted 2,003 members that some of their protected health information has potentially been viewed or obtained by an unauthorized individual who gained access to the network of one of its business associates.

Anthem works with the Atlanta, GA-based insurance broker OneDigital, which provides support for individuals enrolled in group health plans to help them procure and manage their health insurance. OneDigital had been provided with the protected health information of certain members to assist them or their current or former employer to obtain and manage their health insurance plan.

On November 24, 2021, Anthem was notified by OneDigital about a network server hacking incident that occurred in January 2021. Anthem said the investigation into the breach did not uncover any direct evidence of unauthorized viewing or theft of protected health information, but those activities could not be ruled out.

The types of data stored on the compromised systems included names, addresses, dates of birth, healthcare provider names, health insurance numbers, group numbers, dates and types of health care services, medical record numbers, lab test results, prescription information, payment information, claims information, Social Security numbers, and driver’s license numbers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. Anthem said it is working with OneDigital to reduce the risk of similar breaches occurring in the future.

Billing Error Results in Exposure of the PHI of More Than 1,700 Advocate Aurora Health Patients

The Illinois-based 26-hospital health system, Advocate Aurora Health, has notified more than 1,700 patients that some of their protected health information has potentially been compromised.

On or around July 29, 2021, billing statements were prepared and mailed to patients, but they failed to reach their destination. The statements contained a limited amount of protected health information, such as patients’ names, dates of service, the types of services provided, the name of the healthcare provider they visited, and visit account numbers.

Advocate Aurora Health discovered the billing error on October 29, 2021. The subsequent investigation revealed there had been an accidental change to its billing software that went unnoticed, which resulted in statements being mailed to the wrong address. Advocate Aurora Health said it has not received any reports of attempted or actual misuse of any patient data as a result of the incident, but patients have been notified by mail as a precaution and have been offered complimentary credit monitoring services.

Advocate Aurora Health said it is making changes to its internal processes and technology to prevent similar breaches in the future. The breach was reported to the HHS’ Office for Civil Rights as affecting 1,729 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.