PHI of Anthem Members and Advocate Aurora Health Patients Possibly Exposed

by | Jan 12, 2022 | Compliance News

Anthem Inc. has notified 2,003 people that an unauthorized person possibly seen or acquired their protected health information (PHI) after getting access to the network of one of its business associates.

Anthem partners with the insurance broker OneDigital based in Atlanta, GA, which gives assistance for people signed up in group health plans to support them in getting and taking care of their health insurance. OneDigital was provided access to the protected health information of a number of members to guide them or their existing or past employer to get and take care of their medical insurance policy.

On November 24, 2021, OneDigital alerted Anthem concerning a system server hacking incident that took place in January 2021. Anthem stated the incident investigation did not show any direct proof that there was unauthorized access or theft of PHI, however, those activities cannot be eliminated.

The types of data kept on the breached systems consisted of names, birth dates, addresses, healthcare company names, health insurance numbers, group numbers, dates and types of medical care services, medical record numbers, medication data, laboratory test data, payment details, claims data, driver’s license numbers, and Social Security numbers.

Anthem provided the impacted persons with complimentary credit monitoring and identity theft protection services for one year. Anthem mentioned it is working together with OneDigital to lessen the chance of the same breaches taking place later on.

Exposure of the PHI of Over 1,700 Advocate Aurora Health Patients Because of Billing Error

The 26-hospital health system located in Illinois, Advocate Aurora Health, has informed over 1,700 individuals concerning the possible breach of some of their PHI.

Approximately on July 29, 2021, the hospital made billing statements and sent them to patients by mail, however, they were unable to reach their destination. The documents included some PHI, for example, patients’ names, the types of services received, dates of service, the name of the medical care provider they went to, and visit account numbers.

Advocate Aurora Health became aware of the billing problem on October 29, 2021. The following investigation showed there was an unintentional alteration to its billing application that was not noticed so that the statements were sent to the incorrect address. Advocate Aurora Health stated it didn’t get any report of actual or attempted improper use of any patient information resulting from the incident, nevertheless patients were advised by mail as a preventative measure and were given free credit monitoring services.

Advocate Aurora Health explained it is changing its internal processes and technical solutions to avert identical breaches down the road. The breach report was sent to the HHS’ Office for Civil Rights as impacting 1,729 persons.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy