Community Health Plan of Washington breach affects nearly 400,000 members

Community Health Plan of Washington was breached and 381,534 current and former patient records may have been exposed, according to Seattle Times.

The Seattle-based nonprofit, which provides health insurance through Medicaid, has not yet added a notification to its website. However, it sent letters Wednesday to affected individuals notifying them of the breach and the steps to take to protect their data.

The incident began on Nov. 7, when an individual left a voice message with CHPW saying there was a vulnerability in the network of the firm that provides the organization technical services. The firm is a subsidiary of NTT Data.

[Also: Expert: Cybercriminals will not only attack healthcare, but they'll profit from it]

CPHW Chief Operating Officer Marilee McGuire told Seattle Times that she doesn't have information on the caller's identity.

The organization hired a forensic investigation team and notified the FBI and state regulators that confirmed the breach on Nov. 30. Officials confirmed hackers accessed names, addresses, dates of birth, Social Security numbers and information regarding health claims.

The organization hired cybersecurity firm Kroll to help its members determine a course of action if they suspect their data has been stolen. McGuire said all members will receive a customized letter with a number assigned by Kroll and can sign up for a year of free credit monitoring.

[Also: Hospitals sorely lack cybersecurity workforce, need staff-wide engagement, experts say]

CHPW waited until now to inform its members to give the organization time to hire a security firm and set up a call center and translation services, McGuire said.

"Our members put our trust in us and this has been very upsetting to me personally," McGuire said.

As for the delay in notifying members, McGuire said, "We wanted to make sure all those logistics were in place. Those things take time unfortunately."

Twitter: @JessiefDavis