2,330 UnitedHealthcare patients exposed after broker breached in phishing attack

More than 2,000 UnitedHealthcare patients are being notified that their data has been potentially exposed after several phishing attacks launched on a broker's email addresses.

Five details:

  1. Academic HealthPlans, which is contracted with UnitedHealthcare, provides student health insurance plans to universities. The broker began notifying universities and students of a cyberattack that may have resulted in unauthorized access to two Academic HealthPlans employee email accounts and the attachments within the emails, according to a July 20 data breach notification letter

  2. The email accounts contained students' names and personal health information.

  3. The email accounts had been compromised as a result of phishing attacks launched at the broker from Aug. 6-24, 2020, and again on Oct. 2, 2020. 

  4. The breach was not discovered by Academic HealthPlans until nearly a year later on July 1, according to information UnitedHealthcare provided Maine's attorney general office.

  5. The broker launched an investigation, which confirmed the unauthorized access occurred on its cloud and Microsoft Office email network.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars