13K Affected in Third-Party Data Breach at Anthem MaineHealth
A third-party service provider accessed the database of Anthem MaineHealth and obtained patients’ files with their perosnal data, leaving more than 13k people vulnerable to security risks.
Anthem MaineHealth disclosed a third-party data breach that impacted 13,406 people. The company heard about a person offering to make data available that was stolen from Choice Health, one of AMH Health’s vendors.
Through investigation, it was revealed that a third-party service provider made a single Choice Health database accessible on the internet through a technical security configuration.
On May 7, 2022, the database was accessed in which an unauthorised party obtained certain files. According to the official filing of Anthem MaineHealth, personal health information (PHI) has been taken in the third-party data breach, including name, Medicare ID number, email address, health plan carrier and social security number. The same third-party breach affected 22,767 individuals at Humana.
According to the statement of a Choice Health notice regarding the data breach, “Upon learning of the incident, Choice Health worked with their third-party service provider to reconfigure the security settings on the database.”
Further, it added, “The database is no longer accessible through the Internet. Choice Health has also taken steps to enhance their data security measures to prevent the occurrence of a similar event in the future, including requiring multi-factor authentication for all access to database files.”
WellMed, a physician-led healthcare company, started notifying patients regarding a data security incident involving the theft of patients’ medical records.
It came to the organisation’s notice that a physician obtained some medical records of patients for pursuing them for his new clinic.
“The unauthorised removal of WellMed patient medical records is a violation of federal HIPAA regulations, state privacy statutes, as well as WellMed’s internal policies and employment agreements,” the notice said.
Impacting around 10,500 individuals, the data breach occurred between February 6 to May 17, 2022. Sensitive PHI, including health insurance data, demographic information and medical information, was included in the stolen patient records.
WellMed said that securing patients’ confidential data is a crucial priority, and they took immediate action to investigate the problem.
“As part of its investigation, WellMed identified the medical records, confirmed the information was secure, caused the return or deletion of the information from the physician, and stopped further unauthorised outreach to patients based on the use of the information. We have also recovered all the information”, mentioned the report.