HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Superior Dental Care Patients Informed of PHI Exposure Due to Email Account Breach

The Centerville, Ohio dental insurance carrier, Superior Dental Care, has discovered an unauthorized individual has gained access to an employee’s email account and potentially viewed the protected health information of certain members.

The email account breach was detected on January 23, 2019 following the identification of suspicious activity within the employee’s email account. The password for the account was immediately changed and further unauthorized access was prevented.

A third-party computer forensics firm was called in to assist with the investigation and determine the nature and scope of the breach.

On February 11, 2019, Superior Dental Care learned that the account had been accessed by an unidentified third party and unauthorized access to the email account was first gained on December 21, 2018.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The email account contained information such as names, addresses, Social Security numbers, medical information, and payment information related to dental services received.

All individuals affected by the breach have now been notified by mail and the breach has been reported to appropriate authorities.

Processes have already been implemented to strengthen system security and Superior Dental Care will continue to work with third-party security experts to better protect members’ personal information.

The Department of Health and Human Services’ Office for Civil Rights breach portal indicates 38,260 patients were affected by the breach.

L.A. Care Health Plan Alerts Members to PHI Exposure Due to Mailing Error

L.A. Care Health Plan is alerting some of its members to a privacy breach that saw members’ protected health information accidentally disclosed to other members.

A system error resulted in L.A. Care member ID cards being mismatched and sent to incorrect plan members. In some cases, members received their correct ID card along with the ID cards of other members in the same envelope.

The system error occurred on June 1, 2018 and affected ID card mailings up until January 30, 2019.

The protected health information that was accidentally disclosed was limited to name, phone number, member ID number, medical group name, PCP/Clinic name, and health plan name.

L.A. Care Health Plan has since updated its processes and procedures to reduce the risk of a similar incident occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.