Breaches at Oregon Endodontic Group and Humana Web Portal Resulted to PHI Compromise


A computer used in the office of Oregon Endodontic Group was installed with malware resulting to the possible email data theft by the attackers. On November 13, 2018, the group became aware of suspicious actions in the email account and started an investigation.

A third -party forensic firm helped investigate the nature and severity of the security breach. According to the report, a malware variant identified as Emotet infected the office computer. Emotet is a banking Trojan with capability to exfiltrate information from email accounts. Though there was no evidence indicating email data theft, it’s possible for the attacker to steal data.

The investigators completed analyzing the compromised email account on February 11, 2019 and confirmed the protected health information (PHI) that was exposed. The account contained names and one or more data elements namely birth date, diagnosis information, treatment specifics, and medical insurance information. In addition, 41 persons had their Social Security numbers exposed, seven persons had their financial data exposed, and two persons had their driver’s license numbers exposed.

Oregon Endodontic Group got an IT security business to evaluate its security settings and to upgrade its controls to strengthen email system security.

Humana also reported a data breach affecting residents in Texas. Unauthorized persons signed up on a web site employed by Availity, an authorized service provider of Humana. The web portal is used to see the eligibility and benefits of a number of health plan members. The breach involved unauthorized persons trying to get the information of plan members’ eligibility and benefits.

The scammers pretended to be doctor provider groups and might have obtained some plan members’ data starting January 15, 2016 until February 14, 2019. The information accessed include names, benefit information, care reminders, plan effective dates and Humana ID numbers. As a precaution, Humana offered credit monitoring and identity theft protection services to affected members and advised them to keep track of their explanation of benefits statements for indications of fraudulent transactions. Up to now, no report of PHI misuse was received.

Humana mentioned in its notification letters to plan members that Availity has policies and procedures in place for customer data security. But to further improve security, extra safety steps were implemented. The breach affected 522 members of Humana plans who are Texas residents.