More healthcare companies have confirmed that the Magellan Health National Imaging Associates data breach has affected them. A number of HIPAA-covered entities have Magellan Health National Imaging Associates as a business associate providing managed pharmacy and radiology benefits services for them.
Geisinger Health Plan based in Danville, PA made an announcement last month that the breach affected 5,848 of its members. In the last few days, two more organizations, namely Florida Blue medical insurance firm and TennCare, Tennessee’s Medicaid program, made similar announcements.
Presbyterian Health Plan based in Albuquerque, NM likewise confirmed that 56,226 of its members were impacted by the breach.
The phishing attack on Magellan Health NIA happened on May 28, 2019, but the company became aware of the breach only on July 5, 2019 after the attacker used the compromised account to send lots of spam email. Magellan Health NIA already secured the affected email account.
According to the internal investigation findings, a person who is not from the U.S accessed the mailbox on a number of instances. The motive behind the attack seems to be just to send out spam using the email account. There is no evidence discovered that indicates the access or theft of PHI, but the possibility cannot be ruled out.
TennCare received breach notification on September 11, one day after Magellan Health knew it was affected. Magellan Health NIA informed Geisinger Health Plan concerning the breach on September 24, while Florida Blue was notified on September 25.
Florida Blue did not disclose yet how many members were affected but said that the PHI of less than 1% of its 5 million members were exposed. There was only limited information compromised in the phishing attack which included the names, birthdates, members’ ID number, name of health plan, name of provider, drug label, name of imaging processes done, benefit authorization result, and authorization number. Florida Blue is giving free credit monitoring services to impacted members.
TennCare confirmed that the breach impacted 43,847 of its members. The data potentially compromised included names, health plan details, member ID numbers, names of providers, prescribed drugs, and Social Security numbers. TennCare offered free credit monitoring services as protection against data misuse. to the members impacted by the breach