Danville, Pa.-based Geisinger Health Plan began notifying an undisclosed number of patients Oct. 18 that their information may have been exposed in a phishing attack at a third-party vendor, according to The Sentinel.
Magellan National Imaging Associates, a third-party vendor hired to manage radiology benefits, discovered in July that an employee had fallen victim to a phishing attack. Through the attack, hackers were able to send out large volumes of unsolicited commercial emails through the infected email account.
Additionally, Magellan determined that the hacker may have gained access to the employee's login credentials. The company notified Geisinger in September that patient information may have been viewed or accessed through the phishing attempt.
Magellan believes that the unauthorized user was solely attempting to access the email account to send the spam emails. Patient data that may have been exposed included names, patient identification numbers, types of services, authorized identification numbers and diagnoses.
"Geisinger is committed to protecting the privacy of our members," Geisinger Chief Privacy Officer John Signorino said, according to The Sentinel. "We worked closely with Magellan to make sure all affected members were identified and properly notified. Although all evidence points to the fact that the intruders only intended to issue spam emails, in an abundance of caution we are offering all of our affected members complimentary credit monitoring and encourage them to sign up by following the instructions in the letters they received."
Geisinger Health Plan has stopped doing business with Magellan.