Phishing Attack Impacted Thousands of TennCare and Florida Blue Members

More healthcare organizations have confirmed that they were affected by the Magellan Health National Imaging Associates (NIA) data breach. As a business associate, Magellan Health NIA provides managed pharmacy and radiology benefits services for a number of HIPAA-covered entities.

Last month, Geisinger Health Plan, based in Danville, PA, said that the breach impacted 5,848 of its members. Recently, Florida Blue (a health insurance firm) and TennCare (the Medicaid program in Tennessee) issued similar press releases. 56,226 members of Presbyterian Health Plan in Albuquerque, NM were also affected by the breach.

The phishing attack on Magellan Health NIA occurred on May 28, 2019, but the company only became aware of the incident on July 5, 2019, when the attacker used the compromised email account to send a large number of spam email messages. The affected email account was secured upon discovery.

An internal investigation of the breach confirmed that a person outside the United States accessed the mailbox several times. The attacker's intent was likely only to send spam email from the account. The investigators found no evidence of access to or theft of protected health information (PHI), but the possibility can’t be ruled out.

Magellan Health NIA informed TennCare about the breach on September 11, one day after Magellan Health discovered the impact of the breach. Magellan Health NIA sent breach notifications to Geisinger Health Plan on September 24 and to Florida Blue on September 25.

Florida Blue has not yet announced the exact number of its affected members, but it said that the PHI of less than 1% of 5 million members was exposed. The compromised information was limited to name, birth date, health plan name, healthcare provider’s name, member ID number, medication name, codes of imaging procedures performed, benefit authorization details, and authorization number. Florida Blue is offering free credit monitoring services to its affected members.

TennCare announced that the breach impacted 43,847 people. The potentially compromised data included members’ names, ID numbers, health plan data, healthcare providers’ names, names of drugs, and Social Security numbers. TennCare also offered credit monitoring services as a preventative measure against data misuse.