– Blue Cross Blue Shield of Michigan is notifying 15,000 customers that their data was potentially breached due to a stolen laptop.
According to the notice, the stolen laptop belonged to a business associate of one of its subsidiaries. An employee’s laptop was stolen on October 26, but BCBCM was not notified of the incident until November 12. Upon discovery, the employee’s login credentials were changed.
While the laptop was password protected and the data was encrypted, the employee’s credentials were potentially stolen and patient health information could have been accessed as a result. The compromised data included member names, identification numbers, dates of birth, medications, diagnoses, and provider details.
Social Security numbers and financial information weren’t included.
All plan members affected by the breach are being notified. Officials said the risk of fraud or identity theft is low, but BCBSM is providing customers with two years of free identity theft protection services. BCBSM is still working with its subsidiary, assessing policies and procedures to shore up security.
Phishing Attack on Humana’s Family Physicians Group
Orlando-based Family Physicians Group, which was recently acquired by Humana, was hit by a phishing attack that potentially breached the data of 8,400 patients.
The attack occurred on August 7. However, officials didn’t discover the attack until two weeks later on August 21. The exposed data included names, dates of birth, health plan identification details, and provider information. Social Security numbers weren’t included.
Officials have since bolstered security by implementing enhanced email security functions, forcing a password reset for all employees, and upgrading its email application.
Ransomware Compromises Patient Data of Dental Center of Northwest Ohio
Toledo-based Dental Center of Northwest Ohio is notifying former and current patients that a ransomware attack potentially compromised their personal health information.
According to officials, the dental center’s IT vendor, Arakyta, notified the provider of a potential security incident on its systems. Arakyta later determined the cause was ransomware, which disrupted services to the systems storing Dental Center data.
Dental Center launched its own investigation with a third-party computer firm into the incident to determine the scope of the attack. Officials determined patient data was potentially accessible by the attackers.
The compromised data varied by patient, but potentially included names, addresses, dates of birth, Social Security numbers, state identification numbers, driver’s license numbers, treatment details, medical histories, diagnoses, clinical treatment information, medical records, patient numbers, health insurance details, benefit data, and financial account information.
Patients have been offered credit monitoring and identity theft restoration services. Officials said Dental Center is adding further safeguards to better protect data, while reviewing its security policies and procedures.