Phishing Attack on Gold Coast Health Plan: PHI of 37,000 Members Potentially Compromised

Gold Coast Health Plan based in Camarillo, CA is alerting 37,000 plan members that hackers have potentially acquired some of their protected health information (PHI). The information was contained in an email account that was compromised in a recent phishing attack.

The hackers were able to access the email account on June 18, 2018, and access remained possible until August 1, 2018. Upon discovery of the security breach on August 8, Gold Coast Health Plan took steps to block access to the account and reset the password.

A leading cybersecurity company was contracted to investigate the breach and find out which patients were potentially impacted. The investigation confirmed that information contained in the account was limited to claims information, health plan ID numbers, and service dates, and for a limited number of plan members, names, birth dates, and medical procedure codes. For many individuals, only one or two of the above classes of information were exposed. No reports have been received to date to suggest any information in the accounts has been stolen and misused.

Gold Coast Health Plan, law enforcement, and the cybersecurity company believe the attack was financially motivated with the aim of making fraudulent bank transfers from company accounts to accounts controlled by the attackers.

No Social Security numbers or financial details were compromises but, out of an abundance of caution, Gold Coast Health Plan is providing breach victims with free identity theft protection services via ID Experts.

Gold Coast Health Plan has implemented further security controls to prevent further email security breaches including security awareness and training and email security controls and monitoring.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/