Nearly 500K Aetna members affected by EyeMed security incident
Aetna this past week reported that 484,157 members had been affected by an email-hacking incident over the summer.
The incident, which was reported to the U.S. Department of Health and Human Services' Office of Civil Rights on Tuesday, stemmed from an unauthorized individual accessing an EyeMed email account. Aetna contracts with EyeMed to provide vision benefit services for members.
"Aetna was informed on September 28, 2020, that an EyeMed email box was accessed by an unauthorized individual and that phishing emails were sent to email addresses contained in the mailbox’s address book," said an Aetna representative in a statement to Healthcare IT News.
"The mailbox contained information about individuals who formerly or currently receive vision-related services through EyeMed, including Aetna customers," the representative continued.
That information may have included name, address, date of birth, vision insurance account number, and – in some circumstances – social security number, birth or marriage certificate, medical diagnosis and treatment information, they said.
WHY IT MATTERS
According to a statement posted on EyeMed's website, the company discovered that the email mailbox had been compromised on July 1. That day, EyeMed blocked access to the mailbox and secured it.
Aetna says that EyeMed hired a cybersecurity firm to assist in its efforts with investigating the incident and that it took "immediate steps" to enhance protections already in place.
EyeMed says it is providing additional security awareness training and that it has mailed letters to affected individuals.
"It could not be fully determined whether, and to what extent, if any, the unauthorized individual viewed or acquired personal information," an Aetna representative told Healthcare IT News. "However, EyeMed and Aetna are not aware of any misuse of information that may have been accessed during this incident."
THE LARGER TREND
The incident is just another in a string of recent high-profile security breaches targeting the healthcare industry.
Phishing and ransomware campaigns, already on the rise, got an additional energy boost from COVID-19, with an at-home workforce, fears around the virus and employee incaution all potentially contributing to gaps in security.
The trend is unlikely to abate. Experts say to expect much of the same in 2021 fueled by hunger for knowledge about coronavirus vaccines.
ON THE RECORD
"Aetna places the highest priority on protecting the privacy of its customers and takes significant measures to protect private information from unauthorized uses and disclosures," said the Aetna spokesperson. "We continue to stay in close contact with EyeMed to help ensure it takes the appropriate steps to protect customers’ information."