Breaches at Tufts Health Plans, Tennessee Proton Radiation Therapy Centers, Liv-On Family Care Center and Presbyterian Health Plan

A phishing attack on Tufts Health Plan led to the exposure of the protected health information (PHI) of 60,545 members’ of EyeMed, a vision benefits management company.

EyeMed discovered the phishing attack on July 1, 2020, but the phishing attack happened in June 2020. On the day of discovering the breach, the firm terminated access to the breached account. In September 2020, EyeMed advised Tufts Health Plan regarding the breach.

The following types of protected health information were included in the compromised email account: Names, birth dates, email addresses, physical addresses, phone numbers, birth or marriage certificates,government ID or driver’s license numbers, vision insurance account/identification numbers, Medicaid or Medicare numbers, and health insurance account numbers. The medical diagnoses and issues, partial or full social security numbers and/or financial information,  treatment details, and/or passport numbers were compromised for some people.

EyeMed offered the affected persons a complimentary membership to credit monitoring and identity protection services for two years.

Security Incident Affects Tennessee Proton Radiation Therapy Centers

Two proton radiation therapy centers located in Tennessee encountered a security incident that affected MTPC, LLC in Nashville and Proton Therapy Center, LLC in Knoxville. The incident transpired in the early morning of October 28, 2020.

The attack resulted in continued disturbance to a number of clinical and financial processes, nevertheless, the centers continued to deliver safe and effective patient services. Action is underway to counteract the attack. At this time, the centers adopted the established back-up procedures such as offline recording techniques.

So far, there is no evidence found that indicates the copying, access and misuse of patient or employee details.

Liv-On Family Care Center Patients Notified of PHI Theft

Liv-On Family Care Center located in St. Paul, MN is sending a notification to 1,580 patients concerning the theft of computer equipment that contains their PHI during a burglary on October 25, 2020.

The burglars stole computers, laptops, and tablets that comprised info such as patients’ names, dates of birth, addresses, health records, social security numbers, and other data. The devices were password-protected, however not encrypted, therefore it may be possible to access the PHI. The center already reported the break-in to the police, however, there are no stolen computer gadgets recovered yet.

More Than 3,500 Presbyterian Health Plan Members Affected By Mailing Error

Presbyterian Health Plan based in Albuquerque, NM is notifying 3,557 plan members concerning a mailing error that caused the misdirection of letters to other health plan members. On October 1, 2020, letters were sent to plan members telling them about recommended health screenings for taking care of their healthcare treatment and offered contact details for care coordination. The letters addressed to patients were delivered to some other addresses of members. The mailing did not have any of the following information: Social Security numbers, financial or credit card data, or any data included in medical systems or any other health data.