25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Phishing Email Results in 108,000-Record Data Breach at Nebraska Life Insurer

Posted By on Jul 31, 2024

United of Omaha Life Insurance Company in Nebraska has confirmed that a response to a phishing email has resulted in a breach of the protected health information of 107,894 individuals. The breach was detected on April 23, 2024, when anomalous activity was identified in an employee’s email account. United of Omaha observed unauthorized access to the account by a third party and blocked access to the account by changing the employee’s Microsoft account passwords and blocking and reporting the domain associated with the attack.

The forensic investigation confirmed that access was gained to the account following a phishing campaign targeting its employees and one of those employees responded to the email and disclosed their credentials. The investigation confirmed that there was unauthorized access to the account between April 21, and April 23, 2024, and that the activity was limited to that account and no other systems or networks were compromised.

The email account was reviewed to identify the types of information that were potentially viewed or stolen, and that process was completed on June 28, 2024. United of Omaha said the unauthorized third party did not email any data from the account, but it could not rule out unauthorized access to emails and attachments.

The emails and attachments contained information related to United of Omaha’s group insurance products, and while it was not possible to determine the exact types of information exposed per individual, they likely included full names, demographic information including addresses and dates of birth, driver’s license numbers, health insurance policy numbers, Social Security numbers, employment information, and limited health information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

While there does not appear to have been any data theft, the affected individuals have been offered 12 months of complimentary identity theft protection services. United of Omaha has also provided additional education to the workforce on how to identify and report phishing attempts.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more