Breach at Community Health Plan of Washington affects nearly 400,000 members

The hack was first noticed on Nov. 7 and confirmed by forensic experts on Nov. 30.
By Jessica Davis
10:37 AM
Share

Community Health Plan of Washington was breached and 381,534 current and former patient records may have been exposed, according to Seattle Times.

The Seattle-based nonprofit, which provides health insurance through Medicaid, has not yet added a notification to its website. However, it sent letters Wednesday to affected individuals notifying them of the breach and the steps to take to protect their data.

The incident began on Nov. 7, when an individual left a voice message with CHPW saying there was a vulnerability in the network of the firm that provides the organization technical services. The firm is a subsidiary of NTT Data.

CPHW Chief Operating Officer Marilee McGuire told Seattle Times that she doesn't have information on the caller's identity.

The organization hired a forensic investigation team and notified the FBI and state regulators that confirmed the breach on Nov. 30. Officials confirmed hackers accessed names, addresses, dates of birth, Social Security numbers and information regarding health claims.

The organization hired cybersecurity firm Kroll to help its members determine a course of action if they suspect their data has been stolen. McGuire said all members will receive a customized letter with a number assigned by Kroll and can sign up for a year of free credit monitoring.

CHPW waited until now to inform its members to give the organization time to hire a security firm and set up a call center and translation services, McGuire said.

"Our members put our trust in us and this has been very upsetting to me personally," McGuire said.

As for the delay in notifying members, McGuire said, "We wanted to make sure all those logistics were in place. Those things take time unfortunately."

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn