Tufts Health Plan Members’ PHI Exposed in EyeMed Phishing Attack

60,545 members of Tufts Health Plan have had their protected health information exposed in a phishing attack on the vision benefits management company EyeMed.

The phishing attack occurred in June 2020 and was discovered by EyeMed on July 1, 2020. Access to the breached account was terminated the same day. EyeMed notified Tufts Health Plan about the breach in September 2020.

The compromised email account contained the following types of protected health information: Names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, health insurance account/identification numbers, Medicaid or Medicare numbers, driver’s license or other government identification numbers, and birth or marriage certificates. Partial or full social security numbers and/or financial information, medical diagnoses and conditions, treatment information, and/or passport numbers were implicated for some individuals.

Affected individuals have been offered a 2-year complimentary membership to credit monitoring and identity protection services.

Security Incident Affects Tennessee Proton Radiation Therapy Centers

Two proton radiation therapy centers in Tennessee have been impacted by a security incident. The attack occurred in the early hours of October 28, 2020 and affected The Proton Therapy Center, LLC in Knoxville and MTPC, LLC in Nashville.

The attack has caused continued disruption to some clinical and financial operations, although care continues to be delivered safely and effectively. Efforts are underway to mitigate the attack and established back-up processes including offline documentation methods have been adopted.

The investigation into the breach has not uncovered evidence so far to indicate patient or employee information was copied, accessed, or misused.

Liv-On Family Care Center Patients Notified of PHI Theft

St. Paul, MN-based Liv-On Family Care Center is notifying 1,580 patients that computer equipment containing their protected health information was stolen in a break-in on October 25, 2020.

The thieves stole computers, laptops, and tablets that contained information such as patients’ names, date of births, addresses, social security numbers, medical records, and other information. The devices were password protected, but not encrypted, so it is possible that the PHI could be accessed. The break-in has been reported to law enforcement, but the stolen computer equipment has not been recovered.

Presbyterian Health Plan Mailing Error Affects More Than 3,500 Members

Albuquerque, NM-based Presbyterian Health Plan is notifying 3,557 plan members about a mailing error that saw letters misdirected to other health plan members. On October 1, 2020, letters were sent to plan members advising them about recommended health screenings for managing their healthcare treatment and provided contact information for care coordination. Those letters were addressed to patients by name but were sent to other members’ addresses. The mailing did not include any Social Security numbers, financial or credit card information, or any information contained in medical systems or any other health information.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.