- CNO Financial Group reported to OCR on Oct. 25 that a breach compromised PHI on 566,217 individuals.
CNO Financial Group’s largest unit, Bankers’ Life, issued a statement describing the breach. The group discovered on Aug. 7 that unauthorized third parties accessed credentials belonging to a number of employees between May 30 and September 13, 2018.
During this period, unauthorized third parties used employee information to gain access to company websites, possibly accessing personal information of policyholders and applicants.
CNO Financial Group provides Medicare supplement insurance, supplemental health insurance, life insurance, long-term care insurance, and annuities through Bankers’ Life and Colonial Penn Life Insurance.
“When we first learned of this activity on August 7, we began an investigation and notified federal law enforcement. We hired an external forensics investigator to conduct the investigation and took steps to further restrict and monitor access to our systems and to enhance additional security procedures,” the statement said.
The personal information that may have been accessed included names, addresses, dates of birth, insurance information, and the last four digits of Social Security numbers. For some victims, full Social Security numbers, driver’s license or state identification card numbers, bank account numbers, credit or debit card information, medications, diagnosis, and/or treatment plans may have been accessed.
The group said it is offering free identity repair and credit monitoring services to those affected by the breach.
Stolen Laptop Exposes PHI on 10K Raley’s Pharmacy Patients
Raley’s Supermarkets notified the California Attorney General that a laptop stolen from an employee on Sept. 24 may have contained unencrypted PHI on pharmacy patients of its Raley’s, Bell Air, or Nob Goods stores.
On its website, Raley’s said that around 10,000 pharmacy patients were affected.
In an Oct. 26 letter to potential victims, the company said that the laptop may have contained customer’s first name, last name, gender, date of birth, health plan, plan member identification number, medical condition, pharmacy location visited sometime between January 1, 2017, and September 24, 2018, and in some cases the prescription drug filled.
Raley’s stressed that the laptop did not contain addresses, Social Security numbers, credit card information, or driver’s license numbers.
“We have taken steps to investigate this incident and to prevent similar incidents from occurring again. Among other steps taken to investigate this incident, we interviewed employees with access to the laptop to understand potential content on the laptop and examined emails received by those employees with links to download files that may have been temporarily downloaded to cache files on the laptop. Among other steps taken to protect against further incidents, we have encrypted all pharmacy laptops,” Raley’s said in the letter.
Ransomware Attack Exposes PHI on 16K Patients at NAHI
The National Ambulatory Hernia Institute (NAHI) reported to OCR Oct. 5 that an email attack affected PHI of 15,974 individuals.
On its website, NAHI said that it suffered a ransomware attack on Sept. 13 that was tied to the email address [email protected], which is associated with Gamma ransomware. Gamma is member of the Crysis ransomware family. During encryption, Gamma ransomware adds the “.gamma” extension to every encrypted file.
The ransomware attack may have exposed information on patients treated by the institute’s physicians prior to July 19. Information that might have been compromised included full name, address, date of birth, Social Security number, diagnosis, and appointment date and time.
“Our office has moved all of our data to an off-site server, continues to investigate this matter, and has taken steps to eliminate the possibility of a future breach including the purchase of a more robust firewall and antivirus,” NAHI explained on its website.