PHI Exposure of Superior Dental Care Patients and L.A. Care Health Plan Members

The dental insurance provider, Superior Dental Care, based in Centerville, Ohio, has discovered an employee’s email account has been subjected to unauthorized access, and that the protected health information (PHI) of some members may have been viewed or acquired by a third party.

Superior Dental Care detected the email account breach on January 23, 2019 after identifying suspicious activity happening within the email account of an employee. To prevent further unauthorized access to the account, the password was changed right away.

Superior Dental Care called in a third-party computer forensics company to help investigate the breach. The investigators informed Superior Dental Care on February 11, 2019 that an unidentified third party had accessed the account. The first unauthorized access occurred on December 21, 2018.

The following information was found in the compromised email account: Names, addresses, healthcare data, Social Security numbers and payment details associated with the dental services received.

All persons who were affected by the breach have already received breach notification letters by mail and the appropriate authorities have been notified of the security breach.

Superior Dental Care has implemented the necessary processes to reinforce system security and will keep on working with third-party security specialists to better secure the personal information of members.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Download Free Checklist

The Department of Health and Human Services’ Office for Civil Rights has not posted the incident on its breach portal yet. Thus, the exact number of members that the breach affected is unknown.

L.A. Care Health Plan Alerts Members to Accidental PHI Disclosure

Certain L.A. Care Health Plan members have had a limited amount of PHI exposed due to a mailing error.

A system error resulted in some L.A. Care member’s ID cards being sent to the wrong plan members. In certain cases, members were sent envelopes containing the correct ID card together with other members’ ID cards .

The system error happened on June 1, 2018 and continued to impact ID card mailings until January 30, 2019. The PHI that was inadvertently disclosed only included names, telephone numbers, member ID numbers, medical group names, health plan name and PCP/Clinic name.

Since the incident, L.A. Care Health Plan has made changes to its processes and procedures to prevent similar incidents from occurring in the future.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/