CORRECTION: Children’s Mercy Hospital was affected by the breach that occurred in March 2014, not the 2012 breach.
Original story:
It seems like I’m reporting a lot of breaches involving StayWell Health Management and their vendor, OnSite Health Diagnostics this year. It’s probably because they’ve disclosed two breaches that affected numerous StayWell clients.
The latest entry is from Huntington Bancshares Inc. Group Health Care Plan of Ohio, who notified HHS that 4,487 enrollees were affected by a hacking incident discovered on March 25th.
Ben Sutherly of the Columbus Dispatch provides coverage of the breach, noting that it was part of a breach at OnSite Health Diagnostics that also affected Dominion Resources (1,700 affected) and Motorola Mobility (940 affected):
Health, financial and Social Security data were secure, but hackers accessed current and former workers’ names, user names, email addresses, mailing addresses, phone numbers, gender and dates of birth.
As Sutherly reports and as I noted above, this breach wasn’t StayWell’s first breach:
Nearly 18,600 people associated with Missouri Consolidated Health Care Plan, the Clorox Company Group Insurance Plan in California, the University of Minnesota, Nissan North America and Qbe Holdings were affected by unauthorized access to network servers — a breach that began in the spring of 2012 but was not discovered until January this year.
A search of this blog reveals that Children’s Mercy Hospital was also affected by that 2012 breach.