Topics
More on Operations

Hackers hit SCAN Health Plan, breach data of nearly 90,000 patients

Health insurance company said an unauthorized party gained access to its sales contact sheets and exposed, medical data, Social Security numbers.

Jessica Davis, Associate Editor

Long Beach, California-based SCAN Health Plan reported its contact sheets' system had been breached by an unauthorized party, which exposed the data from its members and some non-plan members who provided their personal information to its sales team.

Hackers were able to gain access to names, addresses and phone numbers of contact sheets used for sales purposes, and in some instances, Social Security numbers, health notes, doctor information, medication names and dates of birth were breached.

The breach occurred between March and June 2016 and was first observed on June 27, 2016. Officials are unsure of how many of its records were accessed, according to California public radio station, KPCC.

[Also: Office of Civil Rights will investigate smaller data breaches]

While the company found no evidence the access information was fraudulently used, all affected members have been contacted via mail. SCAN will provide identity protection services for one year to its current, prospective and former plan members, including identity repair and credit monitoring.

Members are encouraged to check their benefits statements clearly to ensure it hasn't been improperly used, according to the SCAN's website. The company also suggests members closely monitor credit reports.

[Also: Athens Orthopedic Clinic will not pay for credit monitoring for breach victims]

The company also notified the U.S. Department of Health and Human Services, the Centers for Medicare & Medicaid Services and state regulators about the breach.

"Based on our investigation to date, there were approximately 87,000 individuals affected. Of that number fewer than half are current SCAN members," SCAN spokesperson Ross Goldberg said. "Further, based on our investigation, fewer than 500 Social Security numbers were potentially exposed."

Twitter: @JELagasse