SCAN Health Data Breach Involved Unauthorized Use of Legitimate Login Credentials

On June 27, 2016, SCAN Health discovered that an unauthorized individual had gained access to the data of its members. Sales contact sheets had been accessed, which contained the names of members, their dates of birth, phone numbers, and addresses. In some cases, health notes were also obtained, which included the names of members’ physicians, brief descriptions of health conditions, and details of medications that had been prescribed.

An investigation into the SCAN Health data breach revealed the data of 87,000 current and former members had been accessed. In fewer than 500 cases, Social Security numbers were also compromised. The breach affected members of SCAN Health, SCAN Health Plan Arizona, and the Village Health Plan.

An external security firm was contracted to conduct an investigation into the SCAN Health data breach. That investigation revealed that the data had been first accessed four months previously, between March and June 2016.

Security defenses were in place at SCAN Health to protect its network from attacks by hackers; however, this data breach was caused from within. In this case, legitimate login credentials were used to gain access to a database that was outside the organization’s firewall. The breach was not discovered as quickly as an external cyberattack would have been because legitimate login credentials had been used to access the data.

There are many ways that protected health information can be used for financial gain. Some employees steal data to sell on to criminals, while others use the information to commit fraud, for example by submitting false tax returns in the names of plan members and healthcare patients.

In this case, data were stolen and used by an insurance agency to solicit business. The data breach was discovered when a plan member contacted SCAN Health to query a sales call that had been received.

SCAN Health already spends millions of dollars each year on cybersecurity defenses to protect its network from external cyberattacks. The organization is now looking into ways that it can further protect its data from this type of incident. Its systems are also being analyzed to determine if any security vulnerabilities exist that could potentially be exploited to gain access to data.

The use of legitimate credentials by unauthorized individuals to gain access to sensitive data is a risk that all organizations face. Preventing insider data breaches can be a major challenge. While it may not be easy to prevent such breaches, it is important to identify them rapidly when they do occur. PHI access logs should be maintained and checked regularly to ensure that any unauthorized access to PHI is discovered promptly.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news