Health Plan of San Mateo
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Health Plan of San Mateo Data Breach
The Health Plan of San Mateo (HPSM) experienced a data breach that was first identified on January 17, 2023. An unauthorized party gained access to an employee’s email account through a successful phishing attack. The breach resulted in the exposure of personal information belonging to 11,894 individuals. The compromised information included names, dates of birth, member identification numbers, and protected health information[1][7][10][13].
Upon discovering the breach, HPSM took immediate action by working with a third-party data security firm to investigate the incident and determine the extent of the data compromise. The investigation confirmed that some files accessible to the unauthorized party contained members’ confidential information. HPSM reviewed the affected files to ascertain exactly what information was compromised and which consumers were impacted[1].
As a response to the breach, HPSM sent out data breach notification letters to all individuals whose information was compromised. These letters were dispatched on March 17, 2023, to inform the affected individuals about the breach and to provide guidance on how to protect themselves from potential fraud or identity theft[1].
HPSM is a community-based health plan located in South San Francisco, California, providing various health plans, including those under Medi-Cal, CareAdvantage, Whole Child Model, HealthWorx HMO, and the San Mateo County ACE Program. The organization covers approximately one in five residents of San Mateo County, totaling about 155,000 individuals. HPSM employs more than 275 people and generates approximately $252 million in annual revenue[1].
For those affected by the breach, it is crucial to understand the risks and take appropriate measures to safeguard against identity theft and fraud. This may include monitoring credit reports, setting up fraud alerts, and being vigilant for any signs of unauthorized activity on their accounts.
Citations:
- https://www.jdsupra.com/legalnews/the-health-plan-of-san-mateo-reports-5379882/
- https://www.databreaches.net/coding-error-results-in-san-mateo-health-plan-disclosing-members-medical-and-personal-details-to-other-members/
- https://oag.ca.gov/news/press-releases/attorney-general-bonta-announces-49-million-settlement-kaiser-illegal-disposal
- https://www.hpsm.org/docs/default-source/member-notices/data-security-incident.pdf
- https://www.dhcs.ca.gov/services/Documents/MCQMD/Compliance%20Unit-CAP/2021-HPSM-Main-CMC-Audit-Report.pdf
- https://www.mercurynews.com/2023/12/01/blue-shield-of-california-members-data-stolen-a-gold-mine-for-thieves/
- https://www.idstrong.com/data-breaches/health-plan-of-san-mateo-breach/
- https://www.sfchronicle.com/business/article/Data-breach-at-San-Mateo-Medical-Center-patient-13440378.php
- https://www.vvdailypress.com/story/news/2023/09/08/kaiser-foundation-health-to-pay-49-million-settlement/70798119007/
- https://www.hipaajournal.com/us-wellness-inc-blue-shield-of-california-victims-of-goanywhere-hack/
- https://www.pleasantonweekly.com/news/2023/09/10/kaiser-to-pay-49-million-after-environmental-patient-privacy-violations/
- https://oag.ca.gov/ecrime/databreach/reports/sb24-564499
- https://healthitsecurity.com/news/maryland-hospital-reveals-30k-individuals-impacted-by-ransomware-attack
- https://wpso.dmhc.ca.gov/enfactions/actionListing.aspx?Org=San+Mateo+Health+Commission&OrgType=0
- https://calmatters.org/commentary/2023/07/california-tragically-mental-illness-treatment/
- https://www.hpsm.org/about-us/governance/compliance
- https://www.hpsm.org/about-us/data-interoperability/member-resources