Email phishing attack on Minnesota health plan exposes 66,000 members' info

South Country Health Alliance, a county-owned health plan based in Owatonna, Minn., has notified members that their personal information was exposed during a  phishing attack on an employee email account last June.

On Sept. 14, the health plan discovered that an unauthorized party accessed an employee email account on June 25. South Country Health Alliance immediately secured the account, conducted an investigation and sought counsel from cybersecurity experts. 

On Nov. 5, the health plan determined that 66,874 members' personal information was exposed in the account. Exposed information included names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, death dates, provider names and information about treatment costs.

The health plan said it has not become aware of any misuse of the exposed information, but it began notifying affected members about the attack Dec. 30. The notice offered information about the cybersecurity attack as well as complimentary credit monitoring and identity protection service.

More articles on cybersecurity: 
Jefferson Healthcare email hack put info of 2,500 patients at risk: 4 details
Hackers get patients' PHI after inflicting malware on Florida hospital's computer network
Banner Health to pay $200K settlement in HIPAA Right of Access case

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.