Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Hackers and identity thieves are always working to find new ways to exploit our information, which can be locked and held for a ransom to be paid by a company or organization, or used to access accounts and to steal from individuals. Phishing and ransomware attacks on healthcare systems are becoming increasingly common. A recent Magellan Health data breach involving five healthcare systems, among them McLaren Health plan, is an unfortunate example of this.
How and When Did the Data Breach Happen?
According to an announcement issued by Magellan Health in November, this particular data breach occurred when a third party executed a phishing attack on the email of an employee at a Magellan Health subsidiary, Magellan RX Management. This employee had access to patient information for McLaren Health Plan in Flint, Mich. McLaren had been contracted with Magellan up to December 2018.
While the actual breach occurred in late May of 2019, it wasn’t discovered until July 5. With the help of an independent expert, Magellan says it conducted an investigation and informed McLaren of the breach on Oct. 4.
As required by the U.S. Department of Health and Human Services (HHS), a report of the Magellan Health data breach investigation was submitted to the Secretary on Sept. 17 stating that over 55 thousand patients were impacted from the combined breaches of McLaren Health Plan, Presbyterian Health, TennCare, Florida Blue, and Geisinger Health Plan.
Results of the investigation suggest that the purpose of the phishing attack was to use the email to send spam and not necessarily to sell or otherwise abuse patient data. Additionally the investigation did not turn up any evidence that patient data in the employee’s email was used or even viewed, which may be cold comfort to an individual who may now feel understandably vulnerable in light of this breach.
Whether or not the intent in the Magellan Health data breach was to mine for patients’ personal information, patient information may indeed have been compromised.
What Patient Information May Have Been Accessed?
According to Magellan Health’s announcement, patient information that may have been exposed could include a member’s full name, date of birth, healthcare providers, plan member ID number, authorization information, prescriptions, and diagnoses. While no person would want their private health information available to anyone but their provider, this exposure may also put these patients at risk of identity theft and an interruption of their healthcare.
How Big of a Problem Are Data Breaches in the Healthcare Industry?
According to HIPAA Journal, invasive attacks on healthcare information systems are generally increasing in frequency and impact, with a large spike in attacks in 2015. Based on data collected by HHS, they calculate that over 230 million records have been breached in the last ten years, amounting to roughly 69 percent of the population in the U.S. who have had their information compromised through a healthcare system data breach. As HHS only requires that organizations report breaches that impact 500 or more patients, this number is likely to be much larger.
What Is Magellan Doing to Help Patients Whose Information Was Exposed?
Magellan Health says it is contacting patients whose information may have been compromised. The company is offering free credit monitoring to impacted members, and has set up a toll-free number to field members’ questions. These are standard measures taken by organizations and companies following breaches of customers’ information.
If your personal information has been stolen or exposed through a healthcare data breach like the breach of Magellan Health, credit monitoring services may not be enough to compensate you for the theft. In addition to the feeling of vulnerability that comes with having your privacy invaded and the inconvenience of having to be even more vigilant with your credit and financial information, you may experience interruptions in your financial accounts and interruptions in care from your medical provider.
Healthcare organizations whose members’ information has been breached or compromised have reached settlements for damages to their clients. A six million dollar settlement was reached recently in a data breach suit involving Banner Health in Arizona. In that case 3.7 million patients were affected by the breach.
If you were a patient at a healthcare facility that was the target of a phishing or ransomware attack and your personal and medical information was compromised, you may qualify to join a class action suit and recoup damages. Top Class Actions can connect with a qualified attorney to examine your claim.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
3 thoughts onPatient Information Compromised in Magellan Health Data Breach
Add me
Please add me
Add me please