Hack of SCAN Health Plan Affects Nearly 90,000 Patients

As reported in Healthcare IT News in August, a major hack of Long Beach, California-based SCAN Health Plan exposed the data of nearly 90,000 of its members. Sometime between March and June of this year, hackers gained access to the names, addresses, dates of birth, Social Security numbers, “limited” health notes, health conditions, doctor info, and names of medication related to the affected individuals. The SCAN data security breach was first discovered on June 27, when the company learned that its contact sheets, which are documents used for sales purposes, were viewed by a party using unauthorized means. But, as of late August, SCAN officials were unsure of exactly how many of their patients’ records were accessed. SCAN has a total of about 170,000 members.

Healthcare Ransomware

Though no evidence has been found (as of yet) that the illegally-accessed information was used in a fraudulent way, all SCAN members have been contacted by email and informed that the healthcare organization will provide the requisite identity repair and credit monitoring for one full year as part of its “penance”.

Members have been encouraged to check their benefits statements closely to ensure they haven’t been used improperly, according to the SCAN website. The company also suggests members closely monitor their credit reports for any irregular activity. SCAN also notified the U.S. Department of Health and Human Services, the Centers for Medicare & Medicaid Services, and state regulators about the breach.

SCAN Health Plan spokesperson Ross Goldberg told SCMagazine.com, “We are confident that this was not an organized attack on our systems with the intent to undermine our operations or deliberately compromise individuals’ identity. Based on our ongoing investigation, legitimate employee credentials were used for the unauthorized purpose of client development for an outside insurance agency.”

Goldberg went on to assure the public and his customers – both current and former – that fewer than 500 Social Security numbers were exposed. He also noted that less than half of the 87,000 individuals affected are current SCAN members, meaning they were former members, likely.

Yet Another Reason for Better Cybersecurity, Education

The SCAN data breach is yet another in an ongoing series of attacks on healthcare facilities, aimed at exploiting the medical information of those who trust the keeping of such data to health maintenance organizations and other health-industry outfits. The regularity with which these data hacks, ransomware attacks, and other exposures of sensitive data is alarming, and continues to underscore the great need throughout the workplace and IT infrastructure of healthcare facilities for adequate cybersecurity and cyber safety awareness and education. It’s got to be an end-to-end implementation and practice if cybersecurity – in hospitals and any and all other healthcare facilities – is to have any teeth at all.

Consult a Cyber Safety and Security Expert

If you need further advice about cyber security, safety, and data protection, QualityIP is a proven leader in providing IT security solutions and safety education in {city}. Contact one of our IT experts at (330) 931-4141 or send us an email at [email protected] today, and we can help you with all your cyber safety and security questions or needs.