13K Affected in Third-Party Data Breach at Anthem MaineHealth

Richard Marley
October 05, 2022
3 minutes read
53

A third-party service provider accessed the database of Anthem MaineHealth and obtained patients’ files with their perosnal data, leaving more than 13k people vulnerable to security risks.

Anthem MaineHealth disclosed a third-party data breach that impacted 13,406 people. The company heard about a person offering to make data available that was stolen from Choice Health, one of AMH Health’s vendors.

Through investigation, it was revealed that a third-party service provider made a single Choice Health database accessible on the internet through a technical security configuration.

On May 7, 2022, the database was accessed in which an unauthorised party obtained certain files. According to the official filing of Anthem MaineHealth, personal health information (PHI) has been taken in the third-party data breach, including name, Medicare ID number, email address, health plan carrier and social security number. The same third-party breach affected 22,767 individuals at Humana.

According to the statement of a Choice Health notice regarding the data breach, “Upon learning of the incident, Choice Health worked with their third-party service provider to reconfigure the security settings on the database.”

Further, it added, “The database is no longer accessible through the Internet. Choice Health has also taken steps to enhance their data security measures to prevent the occurrence of a similar event in the future, including requiring multi-factor authentication for all access to database files.”

WellMed, a physician-led healthcare company, started notifying patients regarding a data security incident involving the theft of patients’ medical records.

It came to the organisation’s notice that a physician obtained some medical records of patients for pursuing them for his new clinic.

“The unauthorised removal of WellMed patient medical records is a violation of federal HIPAA regulations, state privacy statutes, as well as WellMed’s internal policies and employment agreements,” the notice said.

Impacting around 10,500 individuals, the data breach occurred between February 6 to May 17, 2022. Sensitive PHI, including health insurance data, demographic information and medical information, was included in the stolen patient records.

WellMed said that securing patients’ confidential data is a crucial priority, and they took immediate action to investigate the problem.

“As part of its investigation, WellMed identified the medical records, confirmed the information was secure, caused the return or deletion of the information from the physician, and stopped further unauthorised outreach to patients based on the use of the information. We have also recovered all the information”, mentioned the report.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Interpol Seizes $130M Worth of Virtual Assets from Cybercriminals Worldwide
The International Criminal Police Organization Interpol has seized $130 million worth of virtual assets that are linked to money laundering operations and different cybercrimes worldwide.

The “HAECHI III” law enforcement operation, which lasted between June 28 and November 23, 2022, enabled INTERPOL to arrest nearly a thousand suspects.

“In total, the operation resulted in the arrest of 975 individuals and allowed investigators to resolve more than 1,600 cases,” reads Interpol’s announcement. “In addition, almost 2,800 bank and virtual-asset accounts linked to the illicit proceeds of online financial crime were blocked.”

The various cybercrimes that contributed to the aforementioned sum include voice phishing, investment fraud, romance scams, sextortion, and money laundering linked to illegitimate online gambling.

Due to the activity, Interpol also produced 95 alerts and diffusions and identified 16 novel crime trends that would enable law enforcement agencies all around the world to concentrate on their efforts against cybercriminals more effectively.

The latest scams include types of financial fraud and romantic scams that criminals are continually improving to maintain novelty.

Additionally, Interpol noticed an increase in the usage of encrypted messaging applications by scammers to communicate with their victims in investment schemes.

Interpol’s statement also highlights the success of its fresh Anti Money Laundering Rapid Response Protocol (ARRP) mechanism, which was first put to the test during the organization’s prior operation, known as “Operation Jackal.”

Scammers had $1,250,000M returned to them due to ARRP, an Irish firm that was the victim of the Business Email Compromise (BEC). This was the total sum that the business lost to the BEC fraudsters, who ARRP assisted in identifying and seizing.

Since the beginning of ARRP’s pilot testing phase in January 2022, the technology has assisted in the recovery of $120M in cybercriminal proceeds.

Suggested Read: Interpol Warns of the Rise in Romance Scams as Valentine’s Day Approaches

Recent Posts

Blog
Customer Risk Assessment - A Landmark Approach to Fight Identity Fraud
Identity theft is the most prominent cybercrime which has raised alarms for global law enforcement authorities. Masterminds behind these scams are targeting all digital platforms, including e-commerce, ride-hailing apps, social media, and online gambling, which has made users vulnerable to risks of financial losses. The severity of identity fraud increases as criminals use stolen data to take over users’ accounts, make fake bank accounts, and carry out illicit financial transactions. The results remain disastrous for the affected persons as they lose their earnings without knowing about it.

The issue’s intensity can be judged by the fact that in the US alone, 42 million citizens became victims of identity theft, costing $52 billion in total losses. While onboarding any digital platform, users are asked to input their confidential details, which are further exploited by fraudsters. In fact, the service provider must secure their users’ information, but most platforms have inadequate screening measures, which ultimately aids bad actors in abusing the system. In such a situation, customer risk assessment is the most feasible approach, which can help businesses identify their users by applying strict checks and verifying their origins.

Identity Theft – A Looming Threat for Digital Businesses

Since the COVID-19 pandemic, the concept of using remote services has picked up the pace, and users prefer to visit digital platforms instead of going to offices. A large number of banks have introduced mobile apps for all types of transactions which has further provided attractive opportunities for criminals to steal someone’s identity, take over their account and transfer money to somewhere else. The majority of service providers have incorporated stringent checks like biometric authentication, two-factor authentication, and many others, but crime is still prevalent and increasing every year. The screening system based on the principles of customer risk assessment could be the most appropriate solution for online businesses as it can track the complete history of the users.

Account takeover is one of the leading issues that is increasing due to identity theft. The criminals use the stolen details of customers to log in to their bank or e-commerce accounts, further carrying out financial transactions. During the pandemic, a huge surge of 307% was witnessed in account takeover cases. Even now, when the effects of COVID-19 have almost diminished, criminals are involved in fraudulent activities in the same way. The Financial Action Task Force (FATF), the leading global organization fighting money laundering, has also suggested that online businesses should go for customer risk screening which is quite an ideal verification process.

How Law Enforcement Authorities are Countering Cybercriminals

Law enforcement authorities across the globe are facing the challenge of identity theft, and with time, criminal cases are increasing. Recently, several cases of identity fraud have been witnessed where cases were registered against criminals. Although countering the bad actors involved in online scams is quite gruesome, implementing customer risk assessment techniques can serve the purpose.

Let’s have a look at some of the high-profile cases of identity fraud:

Gang Members Sentenced to 60 Months in Prison for Identity Theft

The US Department of Justice has sentenced gang members to 60 months in prison who were involved in several online scams, including identity theft and wire fraud. It has been established during the investigation that they had been carrying out fraudulent activities for more than a year and during this time, they managed to steal $300,000 from the users. Court has further mentioned that no group or individual in the US will be allowed to defraud the users through online scams.

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Spanish Police have arrested a gang that was involved in providing fake identities and forged documents to customers. The investigation revealed that criminals were stealing users’ data from different online platforms and further selling it in the black market. Police have stated that it was a multi-million scam, and all the criminals have been sent to jail.

Fighting Identity Fraud Through Customer Risk Assessment

Customer risk assessment is a set of extreme measures which are generally used by businesses to verify the identities of their customers when some new professional relationship is formed. B2B companies are also using customer risk screening methods to authenticate the documents and identities of other businesses before making any contract with them. It is an ideal process for all digital service providers as it provides in-depth knowledge about the other party and makes a record of their information. Customer risk assessment is not only a feasible solution against identity theft but also a valuable tool to counter money laundering.

Although several identity verification services are efficient enough to counter criminals, customer risk assessment is more advanced and modern, providing the best verification options to digital businesses. It involves various security checks, including checking customers’ identity, background, area of origin, business, and criminal record. All these parameters have remained quite productive in countering cybercriminals and helped many organizations comply with global regulations.

How Customer Risk Assessment Screening is Carried Out

Customer risk assessment is a technical process that involves multiple security checks, and users have to pass all of them to avoid being reported to authorities. All these screening measures have been recommended by the FATF, and companies with customer risk assessment models are following them to comply with the global guidelines.

Here are some of the prominent risk factors:

Customer’s Identity

Customer risk screening verifies the true identities while making a thorough background check. Corrupt politicians and business tycoons usually get more chances of laundering money or carrying out other financial crimes, so the system should be efficient enough to track users’ history to get updated knowledge about their economic activities in the past.

Geography

There are few regions in the world that have weak AML and other cyber laws, which ultimately help criminals to carry out crimes without much trouble. FATF has placed a large number of countries on grey or black lists, which means that all such states are vulnerable to financial crimes. The customer risk assessment process verifies the origin of the users and determines how stronger AML regulations are there.

Industry/Business

Some businesses are notorious for corrupt practices, like gold, art & antiquities, and other luxury items. The customer risk screening method verifies the business of the users and makes a thorough investigation in case the customer is involved in some vulnerable business.

What Shufti Pro Offers?

Combating identity fraud is crucial for the digital sector and is the most appropriate time for companies to invest in screening measures. The customer risk assessment is an ideal solution for online service providers which will help them in countering financial criminals.

Shufti Pro is offering customer risk screening solutions which is the perfect solution for online businesses. It will not only help them in ensuring global regulatory compliance but will also secure their users’ identities. Shufti Pro’s Customer Risk Assessment (CRA) verifies the identities of users through the toughest parameters which will never let the criminals onboard the system. It is efficient enough to generate results in seconds with a ~99% accuracy.

Want to know more about customer risk assessment for digital businesses?

Talk to CRA Expert

13K Affected in Third-Party Data Breach at Anthem MaineHealth

Identity Theft – A Looming Threat for Digital Businesses

How Law Enforcement Authorities are Countering Cybercriminals

Gang Members Sentenced to 60 Months in Prison for Identity Theft

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Fighting Identity Fraud Through Customer Risk Assessment

How Customer Risk Assessment Screening is Carried Out

Customer’s Identity

Geography

Industry/Business

What Shufti Pro Offers?

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.