Phishing Attack Impacts 51,000 Plan Members of Network Health

Network Health, a health insurance provider based in Wisconsin, recently informed its 51, 232 plan holders about the unauthorized access of their protected health information (PHI). According to the report, the security breach began in August 2017 when some Network Health employees received phishing emails. Apparently, two employees did not know the right thing to do. They responded to the scam email allowing the hackers to get their login credentials. With that information, they were able to access the email accounts in the Network Health system.

The sensitive information that got compromised as a result of the hacking include the  plan members’ names, addresses, phone numbers, birth dates and ID numbers. It’s a good thing that their financial records and Social Security numbers were not accessed. But the health insurance claim information of some individuals were likely compromised. Network Health did their best to work fast when the breach was detected. They shut down the affected accounts immediately to stop further damage. As part of the company’s internal investigation, a cybersecurity consultant examined the extent of the damage. He also made a forensic analysis of the network to know which parts of the system were hacked. The law enforcement did a separate investigation of the breach as soon as they received a report of the problem.

Network Health’s Chief Administrative Officer, Penny Ransom, gave the company’s plan holders the assurance that they are doing everything they can to improve the system’s security so as to prevent future troublesome incidents.

  • The company will re-train their workforce especially on the aspect of recognizing and reporting phishing emails.
  • They will review all procedures and login processes.
  • They will offer the plan holders who got their information compromised one year of free identity theft protection services and credit monitoring.

There were two other healthcare organizations that were attacked by hackers in September. Morehead Memorial Hospital reported the phishing of potentially 66,000 patients’ PHI. Arkansas Oral & Facial Surgery Center also reported a phishing attack that potentially impacted 128,000 individuals.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at