Phishing Attacks on Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Members

by

The managed care firm Magellan Health based in Scottsville, AZScottsville, AZ learned that phishing attacks on two of its subsidiaries caused the compromise of the protected health information (PHI) of Presbyterian Health Plan members from Albuquerque, NM.

Two service vendors to Presbyterian Health Plan, specifically Magellan Healthcare and National Imaging Associates, encountered the phishing attacks. The Department of Health and Human Services’ Office for Civil Rights got reports of the two occurrences on September 17, 2019.

The National Imaging Associates found out about the phishing attack on July 5 and impacted 589 persons while the Magellan Healthcare found out about the incident on July 12 and impacted 55,637 persons. The two occurrences transpired within a number of days though they are not regarded as connected.

The breach of two workers’ email accounts occurred on May 28 and June 6, 2019. The two employees maintained the information connected to the health plan members. The investigation results confirmed that the target of the attack was to get access to the email accounts and utilize them to send out spam messages. There is no proof found that indicate the attackers viewed the email messages in the accounts. There was likewise no report obtained that indicate the improper use of plan members’ information.

The information of persons impacted by the breach including member’s name, member ID number, date of birth, service provider name, health benefit authorization details, billing codes and date(s) of service were exposed. The Social Security number of a number of plan members were additionally exposed. Free credit monitoring and identity theft protection services were provided to those whose Social Security number was compromised.

Due to the attacks, Magellan Health’s information security staff has executed further authentication controls and strengthened email security. The firm likewise improved its employee security awareness training course.

Presbyterian Health Plan members had a couple of awful months. Another targeted phishing attack struck the health plan and impacted 183,400 plan members. Presbyterian Health Plan reported the breach to OCR in August. Based on the investigation results, the attackers were seeking to acquire sensitive data.