PHI Compromised Due to Data Incidents at Anthem, CareOregon and WellMed Medical Management

Anthem has reported the compromise of the protected health information (PHI) of a number of plan members due to a data breach that happened at Choice Health, its vendor. Choice Health was allowed access to the information of plan members in order to carry out its contracted tasks. On August 5, 2022, Anthem found that an unauthorized person had acquired access to its database and extracted files that contain the PHI of plan members, which include names, addresses, birth dates, telephone numbers, email addresses, Medicaid ID numbers, and Medicare ID numbers.

Because of a misconfiguration by a third-party service provider, anyone can access the database online. On May 7, 2022, someone did access and download information. Choice Health stated that it has already secured the database and took steps to enhance its data security procedures to avoid the same occurrences down the road. Multi-factor authentication for accessing the database files has been implemented. Impacted persons were provided free credit monitoring services.

The breach impacted a number of Choice Health customers, such as Humana. Anthem informed the Maine Attorney General concerning the breach and stated that 13,406 AnthemMainHealth members were impacted. The breach additionally impacted some members of Anthem Blue Cross, although the exact number of affected Anthem Blue Cross members is not yet known.

CareOregon Announces Mailing Error in August 2022

The medical insurance company, CareOregon based in Portland, OR, recently reported the impermissible disclosure of some of the PHI of 8,022 of its members because of a mailing error.

The incident, which happened on August 9, 2022, resulted in the sending of marketing letters to the wrong CareOregon member. The data exposed included the name and Medicaid ID number of some CareOregon members. CareOregon mentioned it has put in place extra guidelines and procedures and has given more training to its workers to make sure the same breaches are averted later on.

WellMed Medical Management Alerts Patients Regarding Doctor Soliciting Business

The healthcare delivery firm, WellMed Medical Management based in San Antonio, TX, has cautioned 10,506 patients regarding one of its former doctors that took their records before leaving work with the intent of contacting those patients to urge them to become patients at his new hospital.

The doctor obtained the records from February 6, 2022 to May 17, 2022. The files included demographic data like names, birth dates, mailing addresses, telephone numbers, and email addresses; medical insurance details such as health plan identifier and payer name; and medical data including medical record numbers, names of providers, diagnoses, treatments, prescription drugs, and lab data. There was no theft of financial data, driver’s license numbers, or Social Security numbers.

WellMed stated it did something to stop further contact with the patients and informed the proper authorities concerning the HIPAA breach. WellMed has additionally stated that the documents obtained by the doctor have been retrieved. Because of the incident, WellMed strengthened its current guidelines and procedures and enforced more safety measures to stop identical incidents later on.