The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

WellCare Health Reports Security Breach Affecting 24,800 Patients

In August 2016, Summit Reinsurance Services experienced a data breach affecting a number of its healthcare clients. Highmark Blue Cross Blue Shield of Delaware was informed in early January that 19,000 of its members were impacted by the breach. Now, WellCare Health Plans has announced that 24,809 of its members have also been impacted by that security incident.

Summit Reinsurance Services had previously been contracted by WellCare to provide reinsurance services. WellCare no longer uses SummitRe as its reinsurance service provider, although the breach dates back to before WellCare’s association with the company was terminated.

WellCare was informed on December 27, 2016 that a ransomware infection had occurred at SummitRe on August 8, 2016 and that its members’ electronic protected health information had potentially been accessed by the attacker.

The ransomware encrypted a range of sensitive data including names, member IDs, home addresses, dates of birth, Social Security numbers, medical diagnoses and provider names and locations.

While many ransomware infections occur randomly as a result of employees opening malicious email attachments or visiting malware-infected websites, in this case the investigation into the breach revealed that access to SummitRe’s system was first gained on March 12, 2016, approximately 5 months prior to ransomware being installed. That suggests the attacker had time to view sensitive information stored on its system and installed ransomware when there was no further need for system access.

While data were potentially accessed and viewed, neither Summit Reinsurance Services nor WellCare has uncovered any evidence to suggest that PHI was stolen by the attackers, nor that any ePHI has been misused.

75,000-Record Breach Discovered at Texas Medical Clinic

The breach would have taken the title of the worst healthcare data breach of 2017 to date, having exposed more than twice as many records as the Verity Health System breach; however, yesterday a new report appeared on the Department of Health and Human Services’ Office for Civil Rights breach portal.

Stephenville Medical & Surgical Clinic in Stephenville, Texas, reported that a security breach has impacted 75,000 individuals. The incident involved unauthorized access to a desktop computer, although at present few details of the incident have been released. An incident report will be posted on this site when further information becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
