VNS Health Plans

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

VNS Health, which includes VNS Health Home Care, VNS Health Hospice Care, and VNS Health Personal Care, experienced a data security incident involving unauthorized access to employee email accounts between August 10, 2023, and August 14, 2023. The breach was discovered on August 14, 2023, and VNS Health responded by securing the accounts, initiating an internal investigation, and engaging a third-party cybersecurity firm to determine the scope of the unauthorized access[1][3].

The investigation, which progressed until September 14, 2023, revealed that the incident may have involved access to files containing patient information. The unauthorized access was apparently part of attempts to defraud VNS personnel, and there was no indication that the aim was to obtain patient information. However, the files potentially accessed may have contained personal health information such as names, dates of birth, addresses, phone numbers, diagnosis and treatment information, and health insurance information. Not all data elements were involved for all impacted individuals[1][3].

In response to the incident, VNS Health has implemented additional safeguards and measures to protect and monitor their systems, including technical enhancements, updated security policies and protocols, and staff education. They have also advised affected individuals to review their statements from VNS and healthcare providers for services they did not receive and to contact VNS with any concerns[1][3].

VNS Health reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights, affecting 5,175 VNS Health Personal Care patients and others[6]. Additionally, a separate incident involving a VNS vendor, TMG Health, resulted in a data breach affecting 103,775 consumers. This breach, discovered on July 21, 2023, involved sensitive information such as Social Security numbers, addresses, dates of birth, billing information, and medical information[7][8][14].

Affected individuals have been notified and offered complimentary credit monitoring services. VNS Health has also provided a toll-free number for individuals to call for more information and assistance[1][3][7].

The incident has led to investigations and potential class action lawsuits to determine the legal consequences of the breach and to seek compensation for affected individuals[5][14][15].

Citations:

  1. https://www.vnshealth.org/vns-health-home-care-vns-health-hospice-care-and-vns-health-personal-care-notice-of-data-security-incident/
  2. https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
  3. https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-security-incident/
  4. https://www.vnshealthplans.org/notice-of-independent-living-systems-data-breach/
  5. https://www.legalscoops.com/vns-health-data-breach-class-action/
  6. https://www.hipaajournal.com/ransomware-groups-attack-3-healthcare-providers/
  7. https://www.jdsupra.com/legalnews/vns-health-confirms-data-breach-at-tmg-7934022/
  8. https://healthitsecurity.com/news/moveit-breach-notifications-continue-to-roll-in-impacting-health-data
  9. https://apps.web.maine.gov/online/aeviewer/ME/40/ab52899e-257a-4ace-a72b-19611a07096c/6a3ade88-da7a-46bd-9282-ad9dcc2c873b/document.html
  10. https://apps.web.maine.gov/online/aeviewer/ME/40/ab52899e-257a-4ace-a72b-19611a07096c.shtml
  11. https://healthitsecurity.com/news/third-party-data-breaches-continue-to-dominate-breach-notifications
  12. https://www.businesswire.com/news/home/20230815487978/en/Federman-Sherwood-Investigates-VNS-Health-Plans-for-Data-Breach
  13. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
  14. https://www.myinjuryattorney.com/vns-health-data-breach-investigation/
  15. https://www.newstrail.com/cole-van-note-announces-vns-choice-vns-health-plans-data-breach-investigation/
  16. https://www.vnshealthplans.org/vns-health-health-plans-notice-of-data-event-involving-downstream-vendor-managed-care-of-north-america-inc-dental-plan-mcna/
  17. https://www.maxeyfirm.com/data-breach-investigations/9t0ugceiglm1543zjxpua1c8shufjw
Breach Submission Date Aug 14, 2023
Converted Entity Name VNS Health Plans
Converted Entity Type Health Plan
State NY
Individuals Affected 103,775
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes