Email Security Report Submitted by HealthPlex and Optima Dermatology

Healthplex Inc., one of the largest dental insurance providers located in New York state, has announced the compromise of an employee’s email account during a phishing attack on November 24, 2021. Upon discovery of the data breach, Healthplex immediately secured the email account to avoid further unauthorized access and launched an investigation to find out the nature and scope of the security breach.

Healthplex confirmed on April 5, 2021 that the breached email account included the personal data and protected health information (PHI) of 89,955 people who had earlier signed up for its dental plans. The exposed information differed from one person to another and possibly included first names and last names along with one or more of these data elements:

Address, email address, phone number, group name and number, plan affiliation, member identification number, birth date, date of service, name of the provider, ADA codes and their particulars, billed/paid amounts, prescription drug names, driver’s license number, Social Security number, banking details, credit card number, username and password for the member site.

Healthplex stated that notification letters had been issued to affected persons on April 15, 2022, who were offered no-cost identity theft protection services via Lifelock. It took steps also to enhance the security of its email environment to avoid the same breaches later on.

Approximately 60,000 Patients Affected by Optima Dermatology Email Breach

Optima Dermatology Holdings has stated it has encountered an email security incident that resulted in the exposure of the protected health information of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.

Optima Dermatology didn’t disclose when it discovered the email security breach although, it mentioned on February 17, 2022 that after a considerable forensic investigation, it was determined that the breach was limited to a single email account, which an unauthorized individual accessed from August 30, 2021 to September 2, 2021.

An analysis of the email account revealed it comprised the PHI of 59,872 people, including full names, birth dates, medical services and/or ailments data, medical record numbers, health insurance claims and/or application details, and medical insurance policy and/or subscriber numbers. There was no evidence found that suggests the exposure or breach of driver’s license numbers, Social Security numbers, or financial account/payment card data.

Optima Dermatology mentioned it sent notification letters to impacted persons on April 18, 2022, and extra safeguards have been put in place to stop other attacks.

 

About Christine Garcia 1295 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA