Minnesota-based health plan suffers breach impacting more than 65,000 individuals
South County Health Alliance (SCHA), a health plan based out of Owatonna, Minnesota, reported a security breach on December 31 affecting 66,874 individuals, according to the Office for Civil Rights (OCR) breach report.
In a security notice posted on its website, SCHA said on September 14 it discovered that unauthorized access to an employee email account had occurred in late June. SCHA engaged cybersecurity experts to assist with its investigation, which found that personal and protected health information (PHI) belonging to members may have been accessible in the account. Based on the investigation, the following information may have been involved:
- Address
- Date of death
- Diagnostic or treatment information
- Health insurance information
- Medicare and Medicaid number
- Name
- Provider name
- Treatment cost information
- Social Security number
On December 30, SCHA contacted potentially impacted individuals for notification and offered complimentary credit monitoring and identity protection services. The organization also set up a toll-free call center to answer questions about the incident and help impacted members enroll in their complimentary services.