City of Cincinnati Health Plan
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
City of Cincinnati Health Plan Data Incident
On April 19, 2022, the City of Cincinnati discovered that a Request for Proposal (RFP) for dental and vision services had been posted on the City’s procurement websites on April 8, which inadvertently included participant census data. This data contained personal information and protected health information (PHI) such as names, home addresses, demographic information, vision and/or dental insurance information, and in some cases, Social Security numbers, dental claims information, and dates of birth. It is important to note that credit card information, banking information, and medical information such as test results or treatment records were not released in this incident[1][4][6].
The incident did not impact employees who are members of AFSCME, FOP, or other City employees who do not have dental and/or vision insurance through the City. The City has stated that this event was not the result of a cybersecurity breach and there is no evidence to suggest that the information was compromised or misused. However, the City is approaching the situation with caution and has taken steps to address the incident, including notifying impacted individuals and offering them credit monitoring and identity theft services[1][4][6].
The City of Cincinnati is reviewing its policies and processes for handling RFPs and sensitive information and is implementing additional training to prevent such incidents in the future. The matter has also been reported to the Department of Health and Human Services. The City recommends that individuals remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports. They also warn against phishing emails that may target current and former City employees, advising not to reply to or click on links within such emails[1].
For those who believe they may be impacted by this incident and would like further information, the City has provided contact information for the Federal Trade Commission and the three major credit bureaus: Equifax, Experian, and TransUnion. Additionally, the City has set up a phone line for inquiries related to the incident[1].
Citations:
- https://www.cincinnati-oh.gov/cityofcincinnati/news/city-of-cincinnati-data-incident-substitute-notification1/
- https://www.cincinnati-oh.gov/law/quality-of-life/
- https://www.cinfin.com/business-insurance/products/cyber-risk
- https://www.fox19.com/2022/05/13/some-current-former-city-cincinnati-employees-possibly-impacted-by-data-incident/
- https://www.cincinnati-oh.gov/ecc/arc/arc-team-faq/
- https://www.wcpo.com/news/local-news/hamilton-county/cincinnati/more-than-2-000-current-former-city-of-cincinnati-employees-impacted-by-data-breach
- https://www.cincinnati-oh.gov/retirement/csa-contact-information/benefit-summary-secure/
- https://fox8.com/news/the-biggest-health-care-data-breaches-you-should-know-about-in-ohio/
- https://www.cincinnati-oh.gov/health/about-the-cincinnati-health-department/notice-of-privacy-practice/
- https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
- https://local12.com/news/local/cicincinnati-ohio-city-employees-insurance-data-leak-personal-information-social-security-numbers-request-for-proposal-rfp-investigation-credit-monitoring-identity-theft-fraud