PHI of 3,193 Employees and Dependents Potentially Exposed Due to Bodybuilding.com Data Breach

The website owner of Bodybuilding.com, a website about bodybuilding and fitness, reported a security breach that could have caused the access of client and personnel data by unauthorized persons.

Under HIPAA, this kind of breach impacting clients isn’t a reportable occurrence. However, group health plans are covered under HIPAA. So, bodybuilding.com needed to report the PHI exposure of group members to the Office for Civil Rights.

Bodybuilding.com noticed the breach in February 2019 due to suspicious actions observed on its system. An official investigation of the breach was started which confirmed that its system was accessed because of an employee who was tricked by a phishing scam.

Though it is thought that the information of its clients and employees were not accessed by unauthorized persons consequent to the phishing attack, its likelihood can not be completely ruled out.

Bodybuilding.com by now fixed the breach and properly secured its networks. All site users’ passwords were put through to a forced reset as a safety measure. For clients, the data likely accessed included names, addresses, email addresses, contact numbers, dates of birth, profile data, purchase details, billing and shipping details, and messages with the business.

Present and previous personnel of the Idaho fitness merchant who are Bodybuilding.com’s group health plan members had their employment-associated data compromised. The breach equally impacted enrollees’ beneficiaries and dependents. The compromised information included names, phone details, birth dates, Government ID numbers, Social Security numbers, group health plan subscriber details, claims details, and process codes.

The investigation of the breach finished on April 19, and all impacted people were informed concerning the PHI breach as a precautionary measure. No one submitted reports of misused information to date.

The breach report was lately published on the Department of Health and Human Services’ Office for Civil Rights breach website, indicating 3,193 present and former personnel, dependents, and beneficiaries were impacted by the breach.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA