Dominion National, an insurance provider and administrator of vision and dental benefits, reported on July 2019 that it suffered a serious data breach that affected close to 2.9 million health plan members. Dominion National servers had been hacked in 2010 but the data breach was discovered on April 24, 2019.
Providence Health Plan recently told that the Dominion National breach impacted 122,000 of its plan members. Because the Dominion National based in Virginia manages Providence Health Plan’s dental plan in Oregon since 2015, the insurer had access to the protected health information (PHI) of plan members. The PHI, including names, addresses, birth dates, insurance details and Social Security numbers, of plan members who took part in the dental program from 2015 to 2019 was compromised
Dominion National notified the affected Providence Health Plan members in August and offered them two years of credit monitoring and identity theft protection services for free.
7,358 Connally Memorial Medical Center Patients Affected by Laptop Theft
7,358 patients of Connally Memorial Medical Center located in Floresville, Texas received notifications from Wilson County Memorial Hospital District that some of their private and medical data were exposed.
A business associate of the medical center had a laptop computer containing patient data. On April 23, 2019, that laptop was stolen. The unnamed business associate performed a forensic investigation to ascertain if the device stored PHI and what PHI, if any. That analysis showed that the laptop stored a limited number of PHI and it’s possible that unauthorized persons accessed the information.
The majority of people affected only had the following information exposed: first and last name, birth date, gender, ethnicity, specialty referral data, and an internal tracking number. A few patients also had the following information exposed: full name, diagnosis, transfer date, the reason for transfer and the name of the hospital where that person was transferred.
Because of the breach, the medical center updated its business associate agreements to assert that all business associates should encrypt laptops that store patient data. Though financial data or Social Security numbers were not exposed, as a safety precaution, the center offered free credit monitoring services to the affected persons for 12 months.