SCAN Health Plan is notifying users that remote attackers were able to gain access to the contact sheets system and accessed the personal information of past and current members and some non-plan members of SCAN Health Plan, SCAN Health Plan Arizona, and VillageHealth plans.
How many victims? 87,000 individuals
What type of information? Names, addresses, phone numbers; in some cases, social security, dates of birth, and “limited health notes” (including doctor names, health conditions, or medications) may have been exposed. According to SCAN spokesperson Ross Goldberg, “fewer than 500 Social Security numbers were exposed.” He also noted that less than half of the 87,000 individuals affected are current SCAN members.
What happened? In late June, the company learned that its “contact sheets,” documents used for sales purposes, were accessed and possibly viewed by an unauthorized party.
What was the response? The California-based not-for-profit health plan brought in outside experts and determined that the breach occurred between March and June of 2016.
Quote: “We are confident that this was not an organized attack on our systems with the intent to undermine our operations or deliberately compromise individuals' identity," SCAN Health Plan/SCAN spokesperson Ross Goldberg told SCMagazine.com. "Based on our ongoing investigation, legitimate employee credentials were used for the unauthorized purpose of client development for an outside insurance agency.”Source: Breach Notice, SCAN Health Plan / SCAN spokesperson Ross Goldberg