PHI Exposure of Superior Dental Care Patients and L.A. Care Health Plan Members
The dental insurance provider, Superior Dental Care, based in Centerville, Ohio, has discovered an employee’s email account has been subjected to unauthorized access, and that the protected health information (PHI) of some members may have been viewed or acquired by a third party.
Superior Dental Care detected the email account breach on January 23, 2019 after identifying suspicious activity happening within the email account of an employee. To prevent further unauthorized access to the account, the password was changed right away.
Superior Dental Care called in a third-party computer forensics company to help investigate the breach. The investigators informed Superior Dental Care on February 11, 2019 that an unidentified third party had accessed the account. The first unauthorized access occurred on December 21, 2018.
The following information was found in the compromised email account: Names, addresses, healthcare data, Social Security numbers and payment details associated with the dental services received.
All persons who were affected by the breach have already received breach notification letters by mail and the appropriate authorities have been notified of the security breach.
Superior Dental Care has implemented the necessary processes to reinforce system security and will keep on working with third-party security specialists to better secure the personal information of members.
The Department of Health and Human Services’ Office for Civil Rights has not posted the incident on its breach portal yet. Thus, the exact number of members that the breach affected is unknown.
L.A. Care Health Plan Alerts Members to Accidental PHI Disclosure
Certain L.A. Care Health Plan members have had a limited amount of PHI exposed due to a mailing error.
A system error resulted in some L.A. Care member’s ID cards being sent to the wrong plan members. In certain cases, members were sent envelopes containing the correct ID card together with other members’ ID cards .
The system error happened on June 1, 2018 and continued to impact ID card mailings until January 30, 2019. The PHI that was inadvertently disclosed only included names, telephone numbers, member ID numbers, medical group names, health plan name and PCP/Clinic name.
Since the incident, L.A. Care Health Plan has made changes to its processes and procedures to prevent similar incidents from occurring in the future.