DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Select Health Network reveals compromise of employee email accounts that may impact an unspecified number of patients

Posted on November 15, 2019 by Dissent

The following press release is by what appears to be a business associate under HIPAA. It does not name the covered entities whose patients or insured members may have been impacted. Will we see notices from those covered entities? Probably not, unless more than 500 were affected for a particular covered entity. The notice also does not indicate when Select Health first became aware that there was likely a problem. Did they learn about it in June and then lock out the attacker? Or did they first learn about it in August or September? And how did they first learn about it? 


MISHAWAKA, Ind., Nov. 13, 2019 /PRNewswire/ — Select Health Network (“Select Health”), provides a provider network to certain health plans and additional services to healthcare providers, and today issued notice of a recent event that may impact the privacy of personal information for current or former members of these plans or healthcare providers.

Select Health recently concluded an investigation into unusual activity related to an employee email account.  Upon learning of the suspicious activity, Select Health immediately took steps to secure the email account and began working with third-party forensic experts to determine the nature and scope of the incident. The investigation confirmed that that the Select Health employee email account was accessed by an unknown actor from May 22, 2019 to June 13, 2019.

The investigation was unable to determine with forensic certainty what emails or attachments, if any, where accessed by the unauthorized actor.  In an abundance of caution, Select Health worked with experts to perform a comprehensive review of all information stored in the email account at the time of incident to confirm the identities of the individuals whose information may have been accessible to the unauthorized actor. On October 1, 2019, Select Health received the results of the third-party audit. Select Health immediately began reviewing the results of the audit to determine the identities and contact information for potentially impacted individuals and contact information. On November 1, 2019, Select Health began notifying business partners and certain individuals about this incident.

The following types of information were present in the email account and accessible to the unknown actor, which may include: Name, Address, Date of Birth, Member ID Number, Treating/Referring Physician, Health Insurance Information, Medical History Information, Treatment Information, Treatment Cost Information, Health Insurance Policy Number, and Medical Record Number. For a limited number of individuals, Social Security number may have also been impacted. At this time, there is no evidence of any actual or attempted misuse of the information accessible within the email account. No financial account information was impacted as a result of this event.

Select Health is notifying potentially affected individuals by this posting, notification on its website, and by mailing letters to potentially affected individuals.

Select Health established dedicated assistance lines for members and providers seeking additional information regarding this incident. Members seeking additional information can call our toll-free assistance line at 1-833-935-1364 Monday through Friday, during the hours of 9:00 a.m. to 9:00 p.m., Eastern Time. Providers seeking additional information can call our toll-free assistance line at 1-833-935-1354 Monday through Friday, during the hours of 9:00 a.m. to 9:00 p.m., Eastern Time. Individuals may also write to the Select Health Network at P.O. Box 6249, South Bend, IN 46660.

Members and providers can also find additional information on how they can protect against fraud and identity theft as well as obtain additional resources on Select Health’s website selecthealthnetwork.com and in the letters they will receive by mail. Select Health encourages potentially affected individuals to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.

Select Health takes this incident and the security of the information in its care very seriously. Select Health has updated processes to further strengthen its systems to protect personal information and will continue to work with third-party experts to help ensure the highest levels of security.

SOURCE Select Health Network

No related posts.

Category: Health DataSubcontractorU.S.

Post navigation

← 150 infosec bods now know who they’re up against thanks to BT Security cc/bcc snafu
NC: Former Operator of Illegal Booter Services is Sentenced for Conspiracy to Commit Computer Damage and Abuse →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.