• 5
  • Hospitals
  • 5
  • CT
  • 5
  • United Healthcare Services, Inc. Single Affiliated Covered Entity

United Healthcare Services, Inc. Single Affiliated Covered Entity

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

UnitedHealthcare, a large insurance company that serves over 8 million Americans, experienced a data breach that was discovered on December 29, 2022. The breach occurred when an unauthorized user accessed information from UnitedHealthcare’s broker and agent portal between December 1, 2022, and January 25, 2023[1].

The data accessed included Member ID numbers, first and last names, different plan types, and the state and county of residency of the individuals. Fortunately, no Social Security numbers, Driver’s License numbers, or financial details were exposed in the breach[1].

UnitedHealthcare responded to the incident by sending notices to everyone affected and responding to media inquiries. The company did not make an official announcement but ensured that the victims were informed about the breach. They advised affected individuals to be vigilant for phishing attacks and to be cautious about providing personal information in response to email or text communications[1].

The breach at UnitedHealthcare is one of many incidents reported in the healthcare sector, which has seen an increase in cyberattacks and data breaches in recent years. Healthcare organizations are required to notify the HHS Office for Civil Rights when breaches affect the health information of more than 500 people[15].

For those affected by the breach, it is recommended to monitor for any suspicious activities and to follow best practices for securing personal information, such as using strong passwords, enabling two-factor authentication, and regularly reviewing account statements and credit reports for any unauthorized activity[1].

Citations:

  1. https://www.idstrong.com/sentinel/unitedhealthcare-patients-exposed-in-data-breach/
  2. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?%3F%3F%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium&%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium
  3. https://www.hipaajournal.com/hipaa-violation-cases/
  4. https://portal.ct.gov/cid/-/media/CID/OrderDecisionEX0966pdf.pdf
  5. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?%3F%3F%3Futm_source=IDG&%3F%3Futm_source=IDG&utm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium&utm_content=Oktopost-linkedin&utm_medium=social&utm_source=linkedin
  6. https://oag.ca.gov/privacy/databreach/list
  7. https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
  8. https://casetext.com/case/united-healthcare-servs-inc-v-corzine
  9. https://www.jdsupra.com/legalnews/united-healthcare-services-inc-2892704/
  10. https://www.uhc.com/content/dam/uhcdotcom/en/npp/NPP-UHC-EI-Medical-EN.pdf
  11. https://www.insideprivacy.com/technology/the-fcc-expands-scope-of-data-breach-notification-rules/
  12. https://www.myuhc.com/member/preLoginMobAppPrivacyPractices.do?navTarget=footer
  13. https://www.hipaajournal.com/july-2023-healthcare-data-breach-report/
  14. https://www.federalregister.gov/documents/2009/08/25/E9-20142/health-breach-notification-rule
  15. https://www.healthcaredive.com/news/tracking-healthcare-data-breaches-cybersecurity-hacking-hospitals/696184/
  16. https://www.hipaajournal.com/september-2023-healthcare-data-breach-report/
  17. https://portal.ct.gov/cid/-/media/CID/RegulatorySettlementAgreementpdf.pdf
  18. https://casetext.com/case/united-states-v-united-healthcare-ins-co-1
Breach Submission Date Dec 08, 2023
Converted Entity Name United Healthcare Services, Inc. Single Affiliated Covered Entity
Converted Entity Type Health Plan
State CT
Individuals Affected 4,264
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes