South Florida Community Care Plan Notifies Patients About Insider Email Breach
South Florida Community Care Plan has discovered a former employee sent internal documents containing the protected health information of plan members to a personal email account. The breach was discovered on June 21, 2021 during a review of the former employee’s email account.
An investigation was launched into the unauthorized activity which determined on June 21, 2021 that the documents contained the following types of plan member information: Names, addresses, dates of birth, member identification numbers, primary care physician names, diagnoses, procedure billing codes, approved services, and/or procedure types.
The sending of plan members’ information to personal email accounts is a violation of South Florida Community Care Plan policies; however, no evidence was found to indicate the information was sent outside the scope of the former employee’s employment.
South Florida Community Care Plan said data security is one of its top priorities and steps were taken to prevent unauthorized data access and exfiltration. The employee’s email and login credentials were revoked at the time employment came to an end, a full audit was conducted into the activities of the employee within the IT system, and all company-issued equipment was recovered. A further audit was then conducted into the employee’s actions while employed at CCP to ensure there were no other instances of unauthorized activity.
All individuals affected by the incident have now been notified and, as a precaution against identity theft and fraud, have been provided with complimentary credit monitoring services. Affected individuals have been advised to monitor their accounts and credit reports over the next 12-24 months for any signs of suspicious activity.
The data breach has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting 48,344 patients.