Share this article on:
The Centerville, Ohio dental insurance carrier, Superior Dental Care, has discovered an unauthorized individual has gained access to an employee’s email account and potentially viewed the protected health information of certain members.
The email account breach was detected on January 23, 2019 following the identification of suspicious activity within the employee’s email account. The password for the account was immediately changed and further unauthorized access was prevented.
A third-party computer forensics firm was called in to assist with the investigation and determine the nature and scope of the breach.
On February 11, 2019, Superior Dental Care learned that the account had been accessed by an unidentified third party and unauthorized access to the email account was first gained on December 21, 2018.
The email account contained information such as names, addresses, Social Security numbers, medical information, and payment information related to dental services received.
All individuals affected by the breach have now been notified by mail and the breach has been reported to appropriate authorities.
Processes have already been implemented to strengthen system security and Superior Dental Care will continue to work with third-party security experts to better protect members’ personal information.
The Department of Health and Human Services’ Office for Civil Rights breach portal indicates 38,260 patients were affected by the breach.
L.A. Care Health Plan Alerts Members to PHI Exposure Due to Mailing Error
L.A. Care Health Plan is alerting some of its members to a privacy breach that saw members’ protected health information accidentally disclosed to other members.
A system error resulted in L.A. Care member ID cards being mismatched and sent to incorrect plan members. In some cases, members received their correct ID card along with the ID cards of other members in the same envelope.
The system error occurred on June 1, 2018 and affected ID card mailings up until January 30, 2019.
The protected health information that was accidentally disclosed was limited to name, phone number, member ID number, medical group name, PCP/Clinic name, and health plan name.
L.A. Care Health Plan has since updated its processes and procedures to reduce the risk of a similar incident occurring in the future.