PRIME THERAPEUTICS LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Prime Therapeutics LLC, a pharmacy benefit manager, reported a data security incident on August 30, 2023, that potentially affected a subset of its covered Blue Cross and Blue Shield of Minnesota members. The incident involved unauthorized access to an employee’s mobile email account, which contained documents with members’ personal health information, including names, addresses, dates of birth, member ID numbers, and medications used. Prime Therapeutics became aware of the breach on July 11, 2023, and responded by blacklisting the unauthorized actor’s IP addresses, establishing monitoring for future login attempts, and disabling the compromised credentials. The company has stated that there is no evidence to suggest that the exposed information was accessed or misused. Prime Therapeutics has advised affected members to monitor their explanation of benefits statements and contact member services if they notice any unfamiliar services[1][2].

The healthcare industry has seen a significant increase in data breaches over the past decade, with 385 million patient records exposed from 2010 to 2022. The cost of healthcare data breaches has also risen, reaching nearly $11 million on average in 2023. Prime Therapeutics, which is collectively owned by 19 Blue Cross and Blue Shield plans, completed a $1.35 billion purchase of Magellan Rx from Centene late the previous year[1].

Citations:

  1. https://www.healthcaredive.com/news/prime-therapeutics-magellan-rx-data-security-incident/692435/
  2. https://www.prnewswire.com/news-releases/important-notification-of-data-security-incident-301913879.html
  3. https://www.tricare.mil
  4. https://finance.yahoo.com/news/important-notification-data-security-incident-200000067.html
  5. https://www.primetherapeutics.com/privacy-policy/
  6. https://www.psychologytoday.com/us/blog/communication-matters/202402/love-actually
  7. https://casetext.com/case/prime-therapeutics-llc-v-ashley-d-beatty-maxor-natl-pharmacy-servs-llc
  8. https://www.primetherapeutics.com/terms-of-use/
  9. https://www.humana.com
  10. https://cyware.com/news/prime-therapeutics-llc-primemagellan-rx-issues-notification-of-data-security-incident-96800049/
  11. https://www.ppbi.com
  12. https://www.law.com/radar/card/prime-therapeutics-llc-v-eli-lilly-and-company-et-al-43926038-r/
  13. https://www.wsj.com/?%252525252525253butm_=undefined&webview=true
  14. https://casetext.com/case/ac-disc-pharmacy-llc-v-prime-therapeutics-llc
  15. https://krebsonsecurity.com
  16. https://dockets.justia.com/docket/minnesota/mndce/0:2022cv00715/199611
  17. https://www.foxbusiness.com
  18. https://www.pacermonitor.com/public/case/43926038/Prime_Therapeutics_LLC_v_Eli_Lilly_and_Company_et_al
  19. https://www.businessinsider.com
Breach Submission Date Aug 23, 2023
Converted Entity Name PRIME THERAPEUTICS LLC
Converted Entity Type Business Associate
State MN
Individuals Affected 6,050
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes