VNS Health Plans
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
VNS Health, which includes VNS Health Home Care, VNS Health Hospice Care, and VNS Health Personal Care, experienced a data security incident involving unauthorized access to employee email accounts between August 10, 2023, and August 14, 2023. The breach was discovered on August 14, 2023, and VNS Health responded by securing the accounts, initiating an internal investigation, and engaging a third-party cybersecurity firm to determine the scope of the unauthorized access[1][3].
The investigation, which progressed until September 14, 2023, revealed that the incident may have involved access to files containing patient information. The unauthorized access was apparently part of attempts to defraud VNS personnel, and there was no indication that the aim was to obtain patient information. However, the files potentially accessed may have contained personal health information such as names, dates of birth, addresses, phone numbers, diagnosis and treatment information, and health insurance information. Not all data elements were involved for all impacted individuals[1][3].
In response to the incident, VNS Health has implemented additional safeguards and measures to protect and monitor their systems, including technical enhancements, updated security policies and protocols, and staff education. They have also advised affected individuals to review their statements from VNS and healthcare providers for services they did not receive and to contact VNS with any concerns[1][3].
VNS Health reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights, affecting 5,175 VNS Health Personal Care patients and others[6]. Additionally, a separate incident involving a VNS vendor, TMG Health, resulted in a data breach affecting 103,775 consumers. This breach, discovered on July 21, 2023, involved sensitive information such as Social Security numbers, addresses, dates of birth, billing information, and medical information[7][8][14].
Affected individuals have been notified and offered complimentary credit monitoring services. VNS Health has also provided a toll-free number for individuals to call for more information and assistance[1][3][7].
The incident has led to investigations and potential class action lawsuits to determine the legal consequences of the breach and to seek compensation for affected individuals[5][14][15].
Citations:
- https://www.vnshealth.org/vns-health-home-care-vns-health-hospice-care-and-vns-health-personal-care-notice-of-data-security-incident/
- https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
- https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-security-incident/
- https://www.vnshealthplans.org/notice-of-independent-living-systems-data-breach/
- https://www.legalscoops.com/vns-health-data-breach-class-action/
- https://www.hipaajournal.com/ransomware-groups-attack-3-healthcare-providers/
- https://www.jdsupra.com/legalnews/vns-health-confirms-data-breach-at-tmg-7934022/
- https://healthitsecurity.com/news/moveit-breach-notifications-continue-to-roll-in-impacting-health-data
- https://apps.web.maine.gov/online/aeviewer/ME/40/ab52899e-257a-4ace-a72b-19611a07096c/6a3ade88-da7a-46bd-9282-ad9dcc2c873b/document.html
- https://apps.web.maine.gov/online/aeviewer/ME/40/ab52899e-257a-4ace-a72b-19611a07096c.shtml
- https://healthitsecurity.com/news/third-party-data-breaches-continue-to-dominate-breach-notifications
- https://www.businesswire.com/news/home/20230815487978/en/Federman-Sherwood-Investigates-VNS-Health-Plans-for-Data-Breach
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
- https://www.myinjuryattorney.com/vns-health-data-breach-investigation/
- https://www.newstrail.com/cole-van-note-announces-vns-choice-vns-health-plans-data-breach-investigation/
- https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-event-involving-downstream-vendor-managed-care-of-north-america-inc-dental-plan-mcna/
- https://www.maxeyfirm.com/data-breach-investigations/9t0ugceiglm1543zjxpua1c8shufjw