Humana alerts 5,600 members after hackers posed as physician group and possibly exposed patient data

Mackenzie Garrity - Print  | 

Humana has notified 5,569 members of a security incident that may have exposed members' personal information.

On Nov. 8, Humana discovered that unauthorized third parties had posed as physician groups to register on Availity, one of the insurer's authorized service providers, web portal. The hackers then requested eligibility and benefit verification of health plan members through personal information they already had.

An internal review found the hackers had access to the portal between Jan. 15, 2016, to Feb. 21, 2018, and from May 24, 2018, to Nov. 8, 2018. Humana alerted patients on March 5 and April 4.

Humana said that no member data has been misused. Information that may have been exposed in the data breach included names, member identification number, plan effective data, benefit information and Care Reminders, which alerts physicians if screenings or lab tests need to be completed.

No Social Security numbers or banking information was exposed.

Humana is offering affected members identify theft protection for one year. Additionally, Availity has taken steps to secure its web portal, such as additional access requirements and enhanced monitoring.

More articles on cybersecurity:
How senators are responding to Quest Diagnostic data breach and what it means for healthcare cybersecurity
Opko Health alerts 422,600 patients of data breach
27 hospital, health system data breaches in 2019

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.