November 08, 2018 – CNO Monetary Group reported to OCR on Oct. 25 breach compromised PHI on 566,217 people.
CNO Monetary Group’s largest unit, Bankers’ Life, issued a assertion describing the breach. The group found on Aug. 7 that unauthorized third events accessed credentials belonging to a lot of workers between Could 30 and September 13, 2018.
Throughout this era, unauthorized third events used worker info to achieve entry to firm web sites, presumably accessing private info of policyholders and candidates.
CNO Monetary Group offers Medicare complement insurance coverage, supplemental medical health insurance, life insurance coverage, long-term care insurance coverage, and annuities by means of Bankers’ Life and Colonial Penn Life Insurance coverage.
“After we first realized of this exercise on August 7, we started an investigation and notified federal regulation enforcement. We employed an exterior forensics investigator to conduct the investigation and took steps to additional limit and monitor entry to our methods and to boost further safety procedures,” the assertion mentioned.
The non-public info which will have been accessed included names, addresses, dates of start, insurance coverage info, and the final 4 digits of Social Safety numbers. For some victims, full Social Safety numbers, driver’s license or state identification card numbers, checking account numbers, credit score or debit card info, medicines, analysis, and/or therapy plans could have been accessed.
The group mentioned it’s providing free identification restore and credit score monitoring providers to these affected by the breach.
Stolen Laptop computer Exposes PHI on 10Okay Raley’s Pharmacy Sufferers
Raley’s Supermarkets notified the California Legal professional Basic laptop computer stolen from an worker on Sept. 24 could have contained unencrypted PHI on pharmacy sufferers of its Raley’s, Bell Air, or Nob Items shops.
On its web site, Raley’s mentioned that round 10,000 pharmacy sufferers have been affected.
In an Oct. 26 letter to potential victims, the corporate mentioned that the laptop computer could have contained buyer’s first identify, final identify, gender, date of start, well being plan, plan member identification quantity, medical situation, pharmacy location visited someday between January 1, 2017, and September 24, 2018, and in some instances the prescription drug stuffed.
Raley’s burdened that the laptop computer didn’t include addresses, Social Safety numbers, bank card info, or driver’s license numbers.
“We now have taken steps to research this incident and to stop related incidents from occurring once more. Amongst different steps taken to research this incident, we interviewed workers with entry to the laptop computer to grasp potential content material on the laptop computer and examined emails obtained by these workers with hyperlinks to obtain information which will have been briefly downloaded to cache information on the laptop computer. Amongst different steps taken to guard in opposition to additional incidents, now we have encrypted all pharmacy laptops,” Raley’s mentioned within the letter.
Ransomware Assault Exposes PHI on 16Okay Sufferers at NAHI
The Nationwide Ambulatory Hernia Institute (NAHI) reported to OCR Oct. 5 that an e mail assault affected PHI of 15,974 people.
On its web site, NAHI mentioned that it suffered a ransomware assault on Sept. 13 that was tied to the e-mail tackle [email protected], which is related to Gamma ransomware. Gamma is member of the Crysis ransomware household. Throughout encryption, Gamma ransomware provides the “.gamma” extension to each encrypted file.
The ransomware assault could have uncovered info on sufferers handled by the institute’s physicians previous to July 19. Data that may have been compromised included full identify, tackle, date of start, Social Safety quantity, analysis, and appointment date and time.
“Our workplace has moved all of our information to an off-site server, continues to research this matter, and has taken steps to remove the potential for a future breach together with the acquisition of a extra strong firewall and antivirus,” NAHI defined on its web site.