Brand New Day discovered the breach on Dec. 28, 2016. An unauthorized individual accessed personal health information provided to one of the health plan’s HIPAA business associates. The individual gained access via the contracting partner’s third-party vendor system on Dec. 22, 2016. The data accessed included plan members’ names, addresses, phone numbers, dates of birth and Medicare ID numbers. There is no indication that any personal health information was stolen, however law enforcement did launch a criminal investigation.
Brand New Day launched an investigation as well. It asked the contracting vendor to immediately cut off access to the information and ensured that the error due to which the individual was able to gain access was removed within a few hours.
All affected individuals have been offered a year of free identify theft management services from Experian.
More articles on health IT:
Tesla appoints new CIO
Bronx HIE taps IMAT for population health management
Compass rolls out healthcare navigation app
