Anthem and Humana began notifying members their protected health information may have been exposed in a ransomware attack on a billing vendor.
Three things to know:
- PracticeMax, a provider of billing and IT solutions to healthcare organizations, experienced a ransomware attack from April 17 to May 5. The company discovered it was under attack May 1.
- PracticeMax hired a security forensics firm and retained legal counsel after discovering the attack. The company regained access to its systems May 6. An investigation uncovered a server with protected health information was accessed and certain files may have been removed. Potentially exposed data includes names, birth dates and medical-related information.
- Humana and Anthem use the vendor to share information with Village Health, a kidney care provider. Humana reported to the Maine attorney general's office Sept. 28 that 4,424 patients have been affected. Anthem reported the breach to the California attorney general's office Oct. 15, but it is unclear how many patients have been affected.
Becker's Hospital Review reached out to Anthem and Humana for comment and will update this story if it receives additional information.