Anthem MaineHealth Suffers Third-Party Data Breach, 13K Impacted

October 04, 2022 - Anthem MaineHealth disclosed a third-party data breach to the Maine Attorney General’s Office that impacted 13,406 individuals.

On August 5, the company learned that an unauthorized person was offering to make data available that was allegedly taken from Choice Health, one of AMH Health’s vendors.

An investigation confirmed that a single Choice Health database was accessible through the internet due to a technical security configuration issue caused by a third-party service provider.

The unauthorized party gained access to the database and obtained certain files on May 7, 2022.

According to Anthem MaineHealth’s official filing, the third-party data breach involved personal health information (PHI), including name, email addresses, social security number, health plan carrier, and Medicare ID number.

This is the same third-party breach that impacted 22,767 individuals at Humana.

“Upon learning of the incident, Choice Health worked with their third-party service provider to reconfigure the security settings on the database,” a Choice Health notice regarding the Humana data breach stated.

“The database is no longer accessible through the Internet. Choice Health has also taken steps to enhance their data security measures to prevent the occurrence of a similar event in the future, including requiring multi-factor authentication for all access to database files.”

WellMed Data Security Incident, HIPAA Violation Impacts 10K

Physician-led healthcare company, WellMed began notifying patients of a data security incident that involved the theft of patient medical records.

On July 27, 2022, the organization became aware of a physician who obtained some patient medical records with the intent to contact individuals soliciting them to become patients at his new clinic.

“The unauthorized removal of WellMed patient medical records is a violation of federal HIPAA regulations, state privacy statutes, as well as WellMed’s internal policies and employment agreements,” the notice said.

The data breach, which occurred between February 6and May 17, 2022, impacted over 10,500 individuals. The stolen patient records included sensitive PHI, such as demographic information, health insurance information, and medical information. However, the patient records did not involve any Social Security numbers, driver’s license numbers, or financial account information

At the time the incident was discovered, the physician had since left.

WellMed stressed that protecting confidential patient information is a crucial priority to them and took prompt action to investigate the matter.

“As part of its investigation, WellMed identified the medical records, confirmed the information was secure, caused the return or deletion of the information from the physician, and stopped further unauthorized outreach to patients based on the use of the information,” the report mentioned.” We have also recovered all the information.”

Following this incident, the clinic aims to reinforce its existing policies and practices with employees and evaluate additional safety measures to prevent similar occurrences.

Nearly 12K Affected by Neurology Center of Nevada Data Breach

Neurology Center of Nevada (NCNV) suffered a data breach that impacted 11,700 individuals.

NCNV noticed certain computer systems were inaccessible on July 17, 2022, a notice on its website stated. Upon the unusual discovery, the organization said it embarked on an extensive investigation to determine the nature and scope of the event. 

The investigation concluded that between June 12, 2022, and July 17, 2022, an unauthorized party accessed certain patient data, which could have included names, driver’s license numbers, Social Security numbers, health insurance information, treatment information, lab results, and other PHI.

A more comprehensive review of the breach will determine what information was specifically comprised.

“As part of our ongoing commitment to information security, we are reviewing our existing policies and procedures and implementing additional administrative and technical safeguards to further secure information in our care,” the organization wrote regarding the incident. “We also reported the event to the U.S. Department of Health and Human Services and federal law enforcement.”

As a precautionary measure, NCNV recommends individuals “to remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and explanations of benefits for unusual activity and to detect errors.”