Tufts Health Plan Members’ PHI Exposed in EyeMed Phishing Attack
60,545 members of Tufts Health Plan have had their protected health information exposed in a phishing attack on the vision benefits management company EyeMed.
The phishing attack occurred in June 2020 and was discovered by EyeMed on July 1, 2020. Access to the breached account was terminated the same day. EyeMed notified Tufts Health Plan about the breach in September 2020.
The compromised email account contained the following types of protected health information: Names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, health insurance account/identification numbers, Medicaid or Medicare numbers, driver’s license or other government identification numbers, and birth or marriage certificates. Partial or full social security numbers and/or financial information, medical diagnoses and conditions, treatment information, and/or passport numbers were implicated for some individuals.
Affected individuals have been offered a 2-year complimentary membership to credit monitoring and identity protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Security Incident Affects Tennessee Proton Radiation Therapy Centers
Two proton radiation therapy centers in Tennessee have been impacted by a security incident. The attack occurred in the early hours of October 28, 2020 and affected The Proton Therapy Center, LLC in Knoxville and MTPC, LLC in Nashville.
The attack has caused continued disruption to some clinical and financial operations, although care continues to be delivered safely and effectively. Efforts are underway to mitigate the attack and established back-up processes including offline documentation methods have been adopted.
The investigation into the breach has not uncovered evidence so far to indicate patient or employee information was copied, accessed, or misused.
Liv-On Family Care Center Patients Notified of PHI Theft
St. Paul, MN-based Liv-On Family Care Center is notifying 1,580 patients that computer equipment containing their protected health information was stolen in a break-in on October 25, 2020.
The thieves stole computers, laptops, and tablets that contained information such as patients’ names, date of births, addresses, social security numbers, medical records, and other information. The devices were password protected, but not encrypted, so it is possible that the PHI could be accessed. The break-in has been reported to law enforcement, but the stolen computer equipment has not been recovered.
Presbyterian Health Plan Mailing Error Affects More Than 3,500 Members
Albuquerque, NM-based Presbyterian Health Plan is notifying 3,557 plan members about a mailing error that saw letters misdirected to other health plan members. On October 1, 2020, letters were sent to plan members advising them about recommended health screenings for managing their healthcare treatment and provided contact information for care coordination. Those letters were addressed to patients by name but were sent to other members’ addresses. The mailing did not include any Social Security numbers, financial or credit card information, or any information contained in medical systems or any other health information.
