DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data breach affects almost 400,000 Community Health Plan members (UPDATE2)

Posted on December 21, 2016 by Dissent

Bob Young reports:

Almost 400,000 current and former members of the Community Health Plan of Washington have had personal information, including Social Security numbers, exposed in a data breach.

The nonprofit, which provides health insurance through Medicaid in Washington, is sending letters to 381,534 individuals Wednesday notifying them of the invasion and steps they can take to protect themselves with help from Community Health Plan of Washington.

Read more on The Seattle Times. The incident appears to involve an unnamed business associate/vendor that is a subsidiary of NTT Data.

UPDATE: It appears that this breach is yet another caused by a public FTP server, and that it was discovered by a security researcher who reported it to them. Interesting that the reporting says “invasion,” and I’ll be interested to see how the covered entity explains this breach to its members. In the meantime, I’m changing the tags on this incident from “hack” to “exposure.”

UPDATE 2: And now we know the name of the BA: Transaction Applications Group Inc., doing business as NTT Data, who processes claims for CHPW. Read more on GovInfoSecurity. It sounds like CHPW may be building a case of hacking against the researcher.

Category: ExposureHealth DataOf NoteSubcontractorU.S.

Post navigation

← Data Breach Plaintiffs’ Allegations Sufficient for Standing in Employee’s Suit Against CareCentrix
University of Nebraska-Lincoln notifies 30,000 of breach that may have occurred two years ago →

2 thoughts on “Data breach affects almost 400,000 Community Health Plan members (UPDATE2)”

  1. Anonymous says:
    December 28, 2016 at 5:43 pm

    CHPW blames NTT Data, a subsidiary of Nippon Telegraph and Telephone.
    CHPW says they reported breach to HHS.
    But wall of shame does not list it.
    Except that the Peachtree Orthopaedics breach has the same size and was reported a few days earlier.
    And newspaper accounts in Atlanta say that breach involved a ransom demand.

    But Justin S says he noticed the records were available to all in in unsecured anonymous FTP server.

    Was this an instance of careless, ransom, or state-sponsored? (Could be all three)

    Anyone know what gives here?

    1. Dissent says:
      December 28, 2016 at 5:57 pm

      1. HHS is often a tad slow in showing breach reports they’ve received – sometimes by weeks. Be patient, it will show up.
      2. Peachtree Orthopedics was reported to HHS on November 18, after they confirmed it 9/22. CHPW first learned of their breach on Nov. 7. They didn’t report it to HHS until around Dec. 18.
      3. There’s lots of coverage on my site about the Peachtree hack and ransom demands, beginning in August when I first suspected they were a victim. Media in Atlanta were slow to report what my readers knew months ago.
      4. The CHPW appears to be human error by the vendor/BA.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.