City of Cincinnati Health Plan

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

City of Cincinnati Health Plan Data Incident

On April 19, 2022, the City of Cincinnati discovered that a Request for Proposal (RFP) for dental and vision services had been posted on the City’s procurement websites on April 8, which inadvertently included participant census data. This data contained personal information and protected health information (PHI) such as names, home addresses, demographic information, vision and/or dental insurance information, and in some cases, Social Security numbers, dental claims information, and dates of birth. It is important to note that credit card information, banking information, and medical information such as test results or treatment records were not released in this incident[1][4][6].

The incident did not impact employees who are members of AFSCME, FOP, or other City employees who do not have dental and/or vision insurance through the City. The City has stated that this event was not the result of a cybersecurity breach and there is no evidence to suggest that the information was compromised or misused. However, the City is approaching the situation with caution and has taken steps to address the incident, including notifying impacted individuals and offering them credit monitoring and identity theft services[1][4][6].

The City of Cincinnati is reviewing its policies and processes for handling RFPs and sensitive information and is implementing additional training to prevent such incidents in the future. The matter has also been reported to the Department of Health and Human Services. The City recommends that individuals remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports. They also warn against phishing emails that may target current and former City employees, advising not to reply to or click on links within such emails[1].

For those who believe they may be impacted by this incident and would like further information, the City has provided contact information for the Federal Trade Commission and the three major credit bureaus: Equifax, Experian, and TransUnion. Additionally, the City has set up a phone line for inquiries related to the incident[1].

Citations:

  1. https://www.cincinnati-oh.gov/cityofcincinnati/news/city-of-cincinnati-data-incident-substitute-notification1/
  2. https://www.cincinnati-oh.gov/law/quality-of-life/
  3. https://www.cinfin.com/business-insurance/products/cyber-risk
  4. https://www.fox19.com/2022/05/13/some-current-former-city-cincinnati-employees-possibly-impacted-by-data-incident/
  5. https://www.cincinnati-oh.gov/ecc/arc/arc-team-faq/
  6. https://www.wcpo.com/news/local-news/hamilton-county/cincinnati/more-than-2-000-current-former-city-of-cincinnati-employees-impacted-by-data-breach
  7. https://www.cincinnati-oh.gov/retirement/csa-contact-information/benefit-summary-secure/
  8. https://fox8.com/news/the-biggest-health-care-data-breaches-you-should-know-about-in-ohio/
  9. https://www.cincinnati-oh.gov/health/about-the-cincinnati-health-department/notice-of-privacy-practice/
  10. https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
  11. https://local12.com/news/local/cicincinnati-ohio-city-employees-insurance-data-leak-personal-information-social-security-numbers-request-for-proposal-rfp-investigation-credit-monitoring-identity-theft-fraud
Breach Submission Date Jun 16, 2022
Converted Entity Name City of Cincinnati Health Plan
Converted Entity Type Health Plan
State OH
Individuals Affected 9,769
Breach Type Unauthorized Access/Disclosure

Breach Information Location Network Server

Business Associate Present Yes