Business Associate Phishing Attack Impacts TennCare and Florida Blue Members

More healthcare organizations have revealed they have been impacted by a data breach at Magellan Health National Imaging Associates, a business associate of several HIPAA-covered groups that supply managed pharmacy and radiology benefits services.

Danville, PA-based Geisinger Health Plan revealed last month that 5,848 of its account holders had been impacted by the breach, and Albuquerque, NM-based Presbyterian Health Plan has confirmed that 56,226 of its members have been affected. In recent days, health insurance company Florida Blue and the Tennessee state Medicaid program, TennCare, have revealed similar news.

The phishing attack took place on May 28, 2019. Magellan Health NIA became aware of the breach on July 5, 2019, and took action to safeguard the affected email account. The breach was discovered when the impacted account was used to send out large quantities of spam email.

The internal investigation found that the mailbox had been accessed on several occasions by a person based outside the United States. The aim of the attack appears to have been solely to use the email account to broadcast spam. No proof was found to indicate protected health information had been accessed or stolen, but the possibility could not be ruled out.

TennCare was informed it had been affected on September 11, a day after Magellan Health discovered it had been impacted. Magellan Health NIA alerted Geisinger Health Plan about the breach on September 24, and Florida Blue was alerted on September 25.

Florida Blue has not yet revealed exactly how many of its members have been impacted, only stating that fewer than 1% of its 5 million members had their protected health information exposed. The information compromised in the attack was restricted to name, date of birth, member ID number, health plan name, provider name, drug name, name of imaging procedures carried out, benefit authorization outcome, and authorization number. Florida Blue is supplying complimentary credit monitoring services to affected subscribers.

TennCare has revealed that 43,847 account holders were impacted by the breach. The information that may have been compromised included names, member ID numbers, health plan information, provider names, names of prescribed medications, and Social Security details. TennCare has confirmed that subscribers impacted by the breach are being offered credit monitoring services as a precaution against misuse of their data.

Author: Maria Perez