The Scottsville, AZ-based managed care company, Magellan Health, has discovered two of its subsidiaries have experienced phishing attacks that exposed the protected health information of members of Albuquerque, NM-based Presbyterian Health Plan.
The phishing attacks were experienced by National Imaging Associates and Magellan Healthcare, which both provide services to Presbyterian Health Plan. Both incidents were reported to the Department of Health and Human Services’ Office for Civil Rights on September 17, 2019.
The National Imaging Associates incident was discovered on July 5 and affected 589 individuals and the Magellan Healthcare breach was discovered on July 12 and affected 55,637 individuals. Both incidents occurred within a few days but they are not believed to be related.
The email accounts of two employees were breached on May 28 and June 6, 2019. Both of those individuals handled data related to members of the health plan. The investigation determined the aim of the attack was to compromise email accounts to use them to distribute spam email. No evidence was uncovered to suggest emails in the accounts were accessed by the attackers and neither have any reports been received to suggest there has been any misuse of plan members’ data.
Affected individuals had some or all of the following information exposed: Member’s name, date of birth, member ID number, provider name, health benefit authorization information, date(s) of service, and billing codes. A limited number of plan members also have their Social Security number exposed. Complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security number was exposed.
As a result of the attacks, Magellan Health’s information security team has implemented additional authentication measures and email security has been bolstered. The employee security awareness training program has also been enhanced.
It has been a bad few months for Presbyterian Health Plan members. The health plan was also affected by another targeted phishing attack which affected 183,400 plan members. That incident was reported to OCR in August. The investigation of that attack suggests the attackers were trying to obtain sensitive information.