VNS CHOICE d/b/a VNS Health Health Plans

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

VNS CHOICE, operating as VNS Health Health Plans, experienced a data breach that was first identified on February 14, 2023, when they were notified of a data event experienced by their former vendor, Independent Living Systems (ILS). ILS provided nutritional counseling services to certain VNS members. The breach involved unauthorized access to ILS’s computer systems between June 30 and July 5, 2022, during which time sensitive information was acquired by an unauthorized actor, and other information was potentially viewed[2].

The types of information that may have been compromised include names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or Medicaid identification, mental or physical treatment/condition information, diagnosis codes, admission/discharge dates, prescription information, billing/claims information, patient names, and health insurance information[2].

VNS Health has taken the incident seriously and has terminated its relationship with ILS. They have also implemented additional safeguards and measures to further protect and monitor their systems, including technical systems enhancements, updated security policies and protocols, and staff education[2][3][5].

Affected individuals were encouraged to remain vigilant by monitoring their account statements and credit reports for any unauthorized activity and to report any suspicious activity to the associated institutions. ILS has provided notification to potentially affected individuals and offered credit monitoring services[2].

Additionally, VNS Health Health Plans experienced another incident involving unauthorized access to employee email accounts between August 10 and August 14, 2023. This incident may have involved access to files containing patient information, although it appears to have been related to attempts to defraud VNS personnel rather than to obtain patient information[3][5].

For more information on the breach and steps to take, affected individuals can refer to the notices provided by VNS Health on their website[2][3][5].

Citations:

  1. https://www.justice.gov/usao-sdny/press-release/file/982261/dl
  2. https://www.vnshealthplans.org/notice-of-independent-living-systems-data-breach/
  3. https://www.vnshealth.org/vns-health-home-care-vns-health-hospice-care-and-vns-health-personal-care-notice-of-data-security-incident/
  4. https://www.justice.gov/usao-sdny/press-release/file/982256/dl
  5. https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-security-incident/
  6. https://casetext.com/case/exarhakis-v-visiting-nurse-service-of-new-york
  7. https://www.vnshealth.org
  8. https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-event-involving-downstream-vendor-managed-care-of-north-america-inc-dental-plan-mcna/
  9. https://www.justice.gov/d9/press-releases/attachments/2017/07/17/us_v._vns_complaint_0.pdf
  10. https://www.dfs.ny.gov/system/files/documents/2021/05/n5827c05.pdf
  11. https://www.myinjuryattorney.com/vns-health-data-breach-investigation/
  12. https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/
  13. https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
  14. https://www.vnshealthplans.org
  15. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
  16. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?%3F%3F%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium&%3F%3F%3F%3F%3F%3F%3Futm_campaign=Oktopost-Employee+Spotlight%3A+Inside+Tanium
  17. https://casetext.com/case/sutton-vincent-v-nyc-health-hospsharlem-hosp-ctr
Breach Submission Date Dec 08, 2023
Converted Entity Name VNS CHOICE d/b/a VNS Health Health Plans
Converted Entity Type Health Plan
State NY
Individuals Affected 13,584
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes