Business associate causes a breach for Humana, affecting 5,569

Humana has notified 5,569 members that a limited amount of their protected health information may have been compromised.

Unauthorized third parties posing as physician provider groups registered on one of Humana’s authorized vendors—Availity—the web portal of which providers use to check eligibility and benefits for multiple health plans.

The hackers requested eligibility and benefit verification of health plan members by using certain personal information they already had in their possession.

Humana executives say they have no reason to believe the information was obtained from Humana or Availity, and the breach was complex in nature and affected other health insurers—suggesting that other payers may soon be issuing similar notices.

Also See: Bitglass blames hacking, IT incidents as main reasons for breaches

Investigations found a series of data breaches stretching from Jan. 15, 2016, to Nov. 7, 2018. Exposed data included patient names, Humana member identification numbers, plan effective dates, benefit information, care reminders for lab tests or other treatments.

Full Social Security numbers, banking and credit card information were not compromised.

Humana is expressing regrets for any concern the incident may have caused members and is offering one year of credit monitoring and identity theft protection through Equifax. Members also are being advised to check for changes in explanation of benefit letters, or medical records they do not recognize and contact Humana immediately.

After the incidents, Availity has strengthened its security process by adding additional access requirements and enhanced monitoring.