Providence business associate coding error exposes info of 49,511 health plan members

Providence Health Plan business associate Zipari in April notified the health insurer that a coding error allowed unauthorized users to access certain unencrypted enrollment documents for small group health plan members.

Portland, Ore.-based Providence Health Plan reported the security incident to HHS on June 16 as impacting 49,511 members. After discovering the incident on April 9, Zipari launched an investigation and found that certain Providence Health Plan enrollment documents were accessed by unauthorized IP addresses in May, September and November of 2019.

Information accessed was limited to small employer group renewals, including employer names, member names and member dates of birth. No medical history, health information, Social Security numbers or financial information was exposed. 

Providence Health Plan had hired Zipari to prepare enrollment documents for employer-sponsored plans in the small group market. The tech services company fixed the coding error and has implemented additional access controls to prevent unauthorized access to files, according to a notice published on Providence Health Plan's website.

Providence Health Plan is offering identity theft protection services to individuals affected by the incident and is arranging a third-party audit of Zipari's data security practices.

More articles on cybersecurity:
Healthcare providers that underwent cyberattacks in 2020 so far
Independence Blue Cross alerts members of data breach
Florida orthopedic group hit with $99M lawsuit over patient data exposure: 3 details

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers