PHI Compromised Due to Emotet Malware Attack on Oregon Endodontic Group and Humana Web Portal Breach

An office computer used by Oregon Endodontic Group has been infected with malware, which may have allowed email data to be stolen by the attackers. The group noticed suspicious activity in the email account on November 13, 2018 and launched an investigation.

A third -party forensic company helped to determine the nature and extent of the data breach. The investigators reported that the office computer was infected with a malware variant known as Emotet, which is a banking Trojan able to exfiltrate data from email accounts. The investigation did not uncover evidence to suggest that email data had been stolen, but data theft could not be ruled out.

The investigators analyzed the compromised email account to determine what protected health information (PHI) had been exposed. The analysis was completed on February 11, 2019.

The account contained only limited types of information, including names together with one of more of these data elements: Birth date, diagnosis data, treatment details, and health insurance details. The Social Security numbers of 41 individuals were exposed, seven individuals had financial information exposed, and the driver’s license numbers of two persons were exposed.

Oregon Endodontic Group hired an IT security company to assess security controls and implement further controls to improve the security of its email system.

Another data breach was reported by Humana, which affected Texas residents. Unauthorized persons registered on a web portal used by Availity, one of Humana’s authorized service providers. Providers use the web portal to check the eligibility and benefits of several health plan members. The unauthorized persons attempted to acquire plan members’ eligibility and benefit verification information.

The fraudsters posed as doctor provider groups and possibly acquired a limited amount plan members’ data from January 15, 2016 to February 14, 2019. They accessed names, Humana ID numbers, benefit data, care reminders and plan effective dates. As a safety measure, Humana has offered affected members credit monitoring and identity theft protection services and has advised them to monitor their explanation of benefits statements for signs of fraudulent activity. To date, there have been no reports received regarding PHI misuse.

Humana explained in its breach notification letters that Availity has policies and procedures in place to safeguard customer data, but further measures have been implemented since the breach to improve security. 522 members of Humana plans residing in Texas were affected by the breach.