Ted Sickinger reports:
The personal information of as many as 122,000 customers of Providence Health Plan’s dental program in Oregon may have been compromised in a security breach at the program’s administrator, Virginia-based Dominion National.
Read more on OregonLive.
While 122,000 is a lot of patients potentially affected, it could have been worse if Providence Health had started using Dominion National prior to 2015, as Dominion National reportedly informed them that the breach may go back to August 2010 and could impact 2.9 million insured members nationwide.
The following notice was posted on Dominion National’s web site:
Notice of Data Security Incident
Dominion National is an insurer and administrator of dental and vision benefits, and maintains information related to those services. This notice describes a data security incident that may have involved information related to Dominion National members, members of plans we provide administrative services for, producers, and healthcare providers, measures we have taken, and some steps that can be taken in response.
On April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers. The unauthorized access may have occurred as early as August 25, 2010. After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software. We also contacted the FBI and will continue to work with them during their investigation.
We have undertaken a comprehensive review of the data stored or potentially accessible from those computer servers and have determined that the data may include enrollment and demographic information for current and former members of Dominion National and Avalon vision, and current and former members of plans we provide administrative services for. In addition, the data may include personal information for producers who placed Dominion National and Avalon vision policies, and healthcare providers participating in the insurance programs of Dominion National. The member information may have included names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, group numbers, and subscriber numbers. For members who enrolled online through Dominion National’s website, their bank account and routing numbers may have also been included in the data. The provider information may have included names, dates of birth, Social Security numbers, and/or taxpayer identification numbers. The producer information may have included names and Social Security numbers.
We have no evidence that any information was in fact accessed, acquired, or misused. However, we began mailing notification letters to potentially affected individuals on June 21, 2019, and we have established a dedicated incident response line to answer any questions. If you believe you may be affected by this incident but did not receive a letter by September 23, 2019, please call 877-503-8923. TTY/TDD users can call 844-261-6819. The incident response line is open Monday through Friday, 8:00 a.m. to 8:00 p.m., Eastern Time.
We regret any inconvenience or concern this may cause you. We want you to know that protecting your information is incredibly important to us, as is helping you through this situation by providing you with the information and support you need.