Beaver Medical Group (BMG) in California is part of Optum Health. On January 24, BMG discovered unusual activity in an employee’s workstation. Their investigation revealed that an unauthorized actor had launched a targeted phishing attack that gave them access to the employee’s email account.
The types of personal and protected health information in that account included health plan information such as name, member ID number, health plan name, and premium payment amount. BMG notes that the incident did not involve address, date of birth, Social Security number, clinical information, driver’s license number, or any financial account information.
A copy of BMG’s notification submitted to the California Attorney General’s Office on March 8 does not indicate the number of patients notified. The incident has yet to appear on HHS’s public breach tool, so we do not yet know the total number affected.