Keenan & Associates of Torrance, CA, a third-party health insurance plan administrator, is reporting the personal information of some health plan members and some of their dependents was inadvertently made available online to the public.
How many victims? About 35,000
What type of information? The company said documents potentially made available on the internet may have contained individuals, address, telephone number, birth date, medical plan name, plan identifier and, in some instances, Social Security number. The documents did not contain any medical information such as claim information, test results or diagnostic codes.
What happened? On October 9, 2015, Keenan learned that documents containing information relating to some employees and some of their dependents could potentially be found through a web search.
What was the response? The portal settings have since been reconfigured and the documents are no longer searchable on the Internet. Keenan added an investigation was launched when the breach was discovered and to date does not believe any of the potentially available data has been used inappropriately. It is also supplying credit monitoring services for two years to those impacted.
Details? The company said the information was revealed when a vendor misconfigured the security settings on the portal where the information was stored.
Quote? "To date, Keenan has no evidence that any of the information stored on the portal has been used improperly. Protecting your information is incredibly important to us at Keenan, as is helping you through this with the information and support you need. Keenan deeply regrets any inconvenience caused by this incident.”
Source: Keenan & Associates, State of California Department of Justice Office of the Attorney General