Health Plan of San Mateo

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Health Plan of San Mateo Data Breach

The Health Plan of San Mateo (HPSM) experienced a data breach that was first identified on January 17, 2023. An unauthorized party gained access to an employee’s email account through a successful phishing attack. The breach resulted in the exposure of personal information belonging to 11,894 individuals. The compromised information included names, dates of birth, member identification numbers, and protected health information[1][7][10][13].

Upon discovering the breach, HPSM took immediate action by working with a third-party data security firm to investigate the incident and determine the extent of the data compromise. The investigation confirmed that some files accessible to the unauthorized party contained members’ confidential information. HPSM reviewed the affected files to ascertain exactly what information was compromised and which consumers were impacted[1].

As a response to the breach, HPSM sent out data breach notification letters to all individuals whose information was compromised. These letters were dispatched on March 17, 2023, to inform the affected individuals about the breach and to provide guidance on how to protect themselves from potential fraud or identity theft[1].

HPSM is a community-based health plan located in South San Francisco, California, providing various health plans, including those under Medi-Cal, CareAdvantage, Whole Child Model, HealthWorx HMO, and the San Mateo County ACE Program. The organization covers approximately one in five residents of San Mateo County, totaling about 155,000 individuals. HPSM employs more than 275 people and generates approximately $252 million in annual revenue[1].

For those affected by the breach, it is crucial to understand the risks and take appropriate measures to safeguard against identity theft and fraud. This may include monitoring credit reports, setting up fraud alerts, and being vigilant for any signs of unauthorized activity on their accounts.

Citations:

  1. https://www.jdsupra.com/legalnews/the-health-plan-of-san-mateo-reports-5379882/
  2. https://www.databreaches.net/coding-error-results-in-san-mateo-health-plan-disclosing-members-medical-and-personal-details-to-other-members/
  3. https://oag.ca.gov/news/press-releases/attorney-general-bonta-announces-49-million-settlement-kaiser-illegal-disposal
  4. https://www.hpsm.org/docs/default-source/member-notices/data-security-incident.pdf
  5. https://www.dhcs.ca.gov/services/Documents/MCQMD/Compliance%20Unit-CAP/2021-HPSM-Main-CMC-Audit-Report.pdf
  6. https://www.mercurynews.com/2023/12/01/blue-shield-of-california-members-data-stolen-a-gold-mine-for-thieves/
  7. https://www.idstrong.com/data-breaches/health-plan-of-san-mateo-breach/
  8. https://www.sfchronicle.com/business/article/Data-breach-at-San-Mateo-Medical-Center-patient-13440378.php
  9. https://www.vvdailypress.com/story/news/2023/09/08/kaiser-foundation-health-to-pay-49-million-settlement/70798119007/
  10. https://www.hipaajournal.com/us-wellness-inc-blue-shield-of-california-victims-of-goanywhere-hack/
  11. https://www.pleasantonweekly.com/news/2023/09/10/kaiser-to-pay-49-million-after-environmental-patient-privacy-violations/
  12. https://oag.ca.gov/ecrime/databreach/reports/sb24-564499
  13. https://healthitsecurity.com/news/maryland-hospital-reveals-30k-individuals-impacted-by-ransomware-attack
  14. https://wpso.dmhc.ca.gov/enfactions/actionListing.aspx?Org=San+Mateo+Health+Commission&OrgType=0
  15. https://calmatters.org/commentary/2023/07/california-tragically-mental-illness-treatment/
  16. https://www.hpsm.org/about-us/governance/compliance
  17. https://www.hpsm.org/about-us/data-interoperability/member-resources
Breach Submission Date Mar 17, 2023
Converted Entity Name Health Plan of San Mateo
Converted Entity Type Health Plan
State CA
Individuals Affected 11,894
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes