More than 2,000 UnitedHealthcare patients are being notified that their data has been potentially exposed after several phishing attacks launched on a broker's email addresses.
Five details:
- Academic HealthPlans, which is contracted with UnitedHealthcare, provides student health insurance plans to universities. The broker began notifying universities and students of a cyberattack that may have resulted in unauthorized access to two Academic HealthPlans employee email accounts and the attachments within the emails, according to a July 20 data breach notification letter.
- The email accounts contained students' names and personal health information.
- The email accounts had been compromised as a result of phishing attacks launched at the broker from Aug. 6-24, 2020, and again on Oct. 2, 2020.
- The breach was not discovered by Academic HealthPlans until nearly a year later on July 1, according to information UnitedHealthcare provided Maine's attorney general office.
- The broker launched an investigation, which confirmed the unauthorized access occurred on its cloud and Microsoft Office email network.