United Healthcare Services, Inc. Single Affiliated Covered Entity
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
UnitedHealthcare, a large insurance company that serves over 8 million Americans, experienced a data breach that was discovered on December 29, 2022. The breach occurred when an unauthorized user accessed information from UnitedHealthcare’s broker and agent portal between December 1, 2022, and January 25, 2023[1].
The data accessed included Member ID numbers, first and last names, different plan types, and the state and county of residency of the individuals. Fortunately, no Social Security numbers, Driver’s License numbers, or financial details were exposed in the breach[1].
UnitedHealthcare responded to the incident by sending notices to everyone affected and responding to media inquiries. The company did not make an official announcement but ensured that the victims were informed about the breach. They advised affected individuals to be vigilant for phishing attacks and to be cautious about providing personal information in response to email or text communications[1].
The breach at UnitedHealthcare is one of many incidents reported in the healthcare sector, which has seen an increase in cyberattacks and data breaches in recent years. Healthcare organizations are required to notify the HHS Office for Civil Rights when breaches affect the health information of more than 500 people[15].
For those affected by the breach, it is recommended to monitor for any suspicious activities and to follow best practices for securing personal information, such as using strong passwords, enabling two-factor authentication, and regularly reviewing account statements and credit reports for any unauthorized activity[1].
Citations:
- https://www.idstrong.com/sentinel/unitedhealthcare-patients-exposed-in-data-breach/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?%3F%3F%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium&%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium
- https://www.hipaajournal.com/hipaa-violation-cases/
- https://portal.ct.gov/cid/-/media/CID/OrderDecisionEX0966pdf.pdf
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?%3F%3F%3Futm_source=IDG&%3F%3Futm_source=IDG&utm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium&utm_content=Oktopost-linkedin&utm_medium=social&utm_source=linkedin
- https://oag.ca.gov/privacy/databreach/list
- https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
- https://casetext.com/case/united-healthcare-servs-inc-v-corzine
- https://www.jdsupra.com/legalnews/united-healthcare-services-inc-2892704/
- https://www.uhc.com/content/dam/uhcdotcom/en/npp/NPP-UHC-EI-Medical-EN.pdf
- https://www.insideprivacy.com/technology/the-fcc-expands-scope-of-data-breach-notification-rules/
- https://www.myuhc.com/member/preLoginMobAppPrivacyPractices.do?navTarget=footer
- https://www.hipaajournal.com/july-2023-healthcare-data-breach-report/
- https://www.federalregister.gov/documents/2009/08/25/E9-20142/health-breach-notification-rule
- https://www.healthcaredive.com/news/tracking-healthcare-data-breaches-cybersecurity-hacking-hospitals/696184/
- https://www.hipaajournal.com/september-2023-healthcare-data-breach-report/
- https://portal.ct.gov/cid/-/media/CID/RegulatorySettlementAgreementpdf.pdf
- https://casetext.com/case/united-states-v-united-healthcare-ins-co-1