Breaches at Tufts Health Plans, Liv-On Family Care Center, Tennessee Proton Radiation Therapy Centers, and Presbyterian Health Plan

A phishing attack on Tufts Health Plan resulted in the compromise of the protected health information (PHI) of 60,545 members’ of EyeMed, a vision benefits management company.

EyeMed uncovered the phishing attack on July 1, 2020, but the attack happened in June 2020. On the day of learning about the breach, the firm blocked accessibility to the compromised account. In September 2020, EyeMed informed Tufts Health Plan regarding the attack.

These types of PHI were contained in the breached email account: Names, , birth dates, email addresses, addresses, telephone numbers, vision insurance account/identification numbers, medical insurance account/ID numbers, Medicaid or Medicare numbers, driver’s license or other government identification numbers, and marriage or birth certificates. Incomplete or complete social security numbers and/or financial details, medical diagnoses and ailments, treatment details, and/or passport numbers were suggested as a factor for certain people.

EyeMed provided the impacted persons with a free membership to credit monitoring and identity protection services for 2 years.
.

Liv-On Family Care Center Patients Alerted of PHI Thievery

Liv-On Family Care Center based in St. Paul, MN is informing 1,580 patients regarding the theft of computer equipment comprising their PHI at the time of a robbery on October 25, 2020.

The intruders took computers, laptop computers, and tablets that stored data like patients’ names, dates of birth, addresses, health records, social security numbers, and other details. The gadgets had password protection, however not encrypted, hence it’s possible to access the data. The center had reported the burglary to the authorities, although there is no stolen computer devices retrieved yet.

 

Security Breach Impacts Tennessee Proton Radiation Therapy Centers

A security event affected two proton radiation therapy centers established in Tennessee. The attack transpired on the morning of October 28, 2020. It impacted The Proton Therapy Center, LLC established in Knoxville and MTPC, LLC located in Nashville.

The attack brought on continued interruption to a few clinical and financial processes, but the centers kept delivering safe and efficient patient services. Work is ongoing to control the attack. Currently, the centers used their set up back-up procedures like offline logging solutions.

To date, there is no proof discovered that reveals the duplicating, access and improper use of patient or staff data.

Over 3,500 Presbyterian Health Plan Members Impacted By Mailing Error

Presbyterian Health Plan located in Albuquerque, NM is informing 3,557 plan members concerning a mailing error that resulted in the wrong delivery of letters to other members. On October 1, 2020, letters were delivered to plan members informing them about proposed health screenings for dealing with their medical treatment and given contact data for care coordination. The letters addressed to patients were mailed to the wrong addresses of members. The mailing didn’t contain any of the listed information: Social Security numbers, financial or credit card details, or any data stored in medical systems or some other health data.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA