Magellan Health, based in Scottsdale, Arizona, has revealed that discovered two of its subsidiaries have experienced phishing attacks that exposed the protected health information of members of Albuquerque, NM-based Presbyterian Health Plan.
The phishing attacks were identified by National Imaging Associates and Magellan Healthcare, which both supply services to Presbyterian Health Plan. Both incidents were reported to the Department of Health and Human Services’ Office for Civil Rights on September 17, 2019.
The National Imaging Associates incident was first noticed on July 5 and affected 589 individuals and the Magellan Healthcare breach was initially seen on July 12 and affected 55,637 individuals. Both incidents occurred within a few days but they are not believed to be connected.
The email accounts of two employees were infiltrated on May 28 and June 6, 2019. Both of those individuals handled data related to subscribers of the health plan. The investigation determined the focus of the attack was to compromise email accounts to use them to share spam email. Nothing was found to suggest emails in the accounts were logged onto by the hackers and neither have any reports been received to suggest there has been any misuse of plan subscribers’ data.
Impacted people had a portion all of the following information exposed: Member’s name, date of birth, member ID number, provider name, health benefit authorization information, date(s) of service, and billing codes. A limited number of plan members also have their Social Security number exposed. Complimentary credit reviewing and identity theft protection services have been offered to individuals whose Social Security number was accessible
Due to the attacks, Magellan Health’s information security team has created additional authentication measures and email security has been strengthened. The employee security awareness training program has also been made stronger.
Presbyterian Health Plan members was also impacted by another targeted phishing attack which affected 183,400 plan holders. That incident was made known OCR in August. The investigation of that attack suggests the cybercriminals were trying to obtain sensitive data.