Geisinger Health Plan, based in Danville, PA, has learned that some of its members’ protected health information (PHI) was exposed after Magellan NIA, one of its business associates, suffered a suspected phishing attack.
Magellan NIA provides radiology benefits management services to Geisinger Health Plan, a role that gives it access to the PHI of the plan’s members.
On July 5, 2019, Magellan NIA detected suspicious activity in one employee’s email account and so discovered the breach. The account was immediately secured to prevent further unauthorized access and misuse, and an investigation was launched to determine the scope of the breach. The investigation found that the account was first compromised on May 28 and that several connections to it between then and July 5 were traced to a location outside the United States.
Geisinger Health Plan believes the sole purpose of the attack was to use the email account for sending spam, not to steal sensitive information about plan members. Nevertheless, unauthorized access to and theft of data cannot be ruled out, so the incident is being treated as a data breach. As a precaution, the health plan has offered affected members free credit monitoring and identity theft protection services.
Magellan NIA has implemented additional security measures to defend against further phishing attacks, including disabling certain email protocols, deploying Microsoft Password Hash Sync, and setting up geofencing.
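The two signals that the measures above are meant to address, successful sign-ins from outside the organisation’s expected countries and sign-ins over legacy mail protocols that bypass modern authentication, can be checked for in mailbox sign-in logs. The script below is an added illustration written for this page, not code from Magellan NIA, Geisinger Health Plan, or the article; the log format (pipe-delimited timestamp, user, protocol, country, result), the user names, and the sign-in records are all constructed, and the legacy-protocol and allowed-country sets are assumptions to be adapted to a real environment.

```python
"""Flag mailbox sign-ins from outside an allowed-country set and over legacy
protocols, the two conditions that geofencing and protocol disabling target."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample sign-in records (invented for this example, not from the incident).
# Assumed format: "<ISO timestamp>|<user>|<protocol>|<country>|<result>".
SAMPLE_LOG = """\
2019-05-27T14:02:11Z|alice@example.org|Exchange ActiveSync|US|success
2019-05-28T03:41:07Z|alice@example.org|IMAP4|RO|success
2019-05-29T09:12:55Z|alice@example.org|Exchange Online|US|success
2019-06-03T22:18:40Z|alice@example.org|IMAP4|RO|success
2019-06-20T11:05:02Z|bob@example.org|Authenticated SMTP|BR|failure
2019-07-05T05:30:19Z|alice@example.org|IMAP4|RO|success
"""

# Assumed policy: protocols that cannot enforce multi-factor authentication,
# and the countries from which staff are expected to sign in.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "Authenticated SMTP"}
ALLOWED_COUNTRIES = {"US"}


def parse_line(line):
    """Split one pipe-delimited record into a dict with a timezone-aware timestamp."""
    ts, user, proto, country, result = line.strip().split("|")
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user,
        "protocol": proto,
        "country": country,
        "result": result,
    }


def analyze(log_text, allowed_countries=ALLOWED_COUNTRIES, legacy_protocols=LEGACY_PROTOCOLS):
    """Summarise, per account, foreign successful sign-ins and legacy-protocol use.

    The earliest foreign success is kept because it bounds when the account
    was first used from an unexpected location, which is what an investigation
    needs to scope the exposure window."""
    per_user = defaultdict(lambda: {
        "first_foreign_success": None,
        "foreign_successes": 0,
        "legacy_sign_ins": 0,
        "countries": set(),
    })
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        u = per_user[rec["user"]]
        u["countries"].add(rec["country"])
        if rec["protocol"] in legacy_protocols:
            u["legacy_sign_ins"] += 1
        if rec["country"] not in allowed_countries and rec["result"] == "success":
            u["foreign_successes"] += 1
            first = u["first_foreign_success"]
            if first is None or rec["time"] < first:
                u["first_foreign_success"] = rec["time"]
    return dict(per_user)


def flagged_accounts(summary):
    """Accounts with at least one successful sign-in from outside the allowed set."""
    return sorted(user for user, s in summary.items() if s["foreign_successes"] > 0)


if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    for user in flagged_accounts(summary):
        s = summary[user]
        print(f"{user}: first foreign success {s['first_foreign_success'].date()}, "
              f"{s['foreign_successes']} foreign successes, "
              f"{s['legacy_sign_ins']} legacy-protocol sign-ins, "
              f"countries seen {sorted(s['countries'])}")
```

Run against the constructed sample, the check flags only the first account, dates its first foreign success to May 28, and shows that every foreign sign-in arrived over IMAP4. Failed attempts (the second account) are counted for protocol use but do not mark the account as compromised, which keeps the alert list focused on accounts that actually need to be secured.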
Geisinger Health Plan states that it was notified of the breach on September 24 and received a list of affected members on October 3. The business associate notified the affected members directly, and Geisinger Health Plan verified that the notification process was complete and accurate. It has since terminated its business relationship with Magellan NIA.
No information has yet been released on how many plan members were affected.