PHI of Anthem Members and Advocate Aurora Health Patients Potentially Compromised

Anthem Inc. has notified 2,003 members that an unauthorized individual potentially viewed or obtained some of their protected health information (PHI) after gaining access to the network of one of its business associates.

Anthem works with the insurance broker OneDigital based in Atlanta, GA, which offers help for people registered in group health plans to guide them in procuring and managing their health insurance. OneDigital was given access to the protected health information of particular members to help them or their present or former employer to acquire and manage their medical insurance plan.

On November 24, 2021, OneDigital alerted Anthem about a system server hacking incident that happened in January 2021. Anthem stated the breach investigation did not reveal any direct evidence that there was unauthorized viewing or theft of PHI, nevertheless, those activities can’t be excluded.

The types of data held on the compromised systems comprised of names, dates of birth, addresses, healthcare provider names, health insurance numbers, group numbers, dates and types of medical care services, medical record numbers, prescription data, lab test results, payment details, claims details, driver’s license numbers, and Social Security numbers.

Anthem offered the affected individuals complimentary credit monitoring and identity theft protection services for 12 months. Anthem mentioned it is working with OneDigital to minimize the possibility of similar breaches happening in the future.

Exposure of the PHI of More Than 1,700 Advocate Aurora Health Patients Due to Billing Error

The 26-hospital health system located in Illinois, Advocate Aurora Health, has informed more than 1,700 patients regarding the potential compromise of some of their PHI.

On or around July 29, 2021, the hospital prepared billing statements and mailed them to patients, however, they did not get to their destination. The statements contained a limited amount of PHI, like patients’ names, the types of services gotten, dates of service, the name of the healthcare provider they visited, and visit account numbers.

Advocate Aurora Health knew about the billing error on October 29, 2021. The succeeding investigation indicated there was an accidental change to its billing software program that was undetected, which caused the mailing of the billing statements to the wrong address. Advocate Aurora Health stated it didn’t receive any report of attempted or actual misuse of any patient information due to the incident, nevertheless, patients were advised by mail as a safety measure and were provided free credit monitoring services.

Advocate Aurora Health explained it is modifying its internal processes and systems to avoid the same breaches later on. The breach report was submitted to the HHS’ Office for Civil Rights as affecting 1,729 persons.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at