Patients were exposed by yet another snail-mail breakdown.
It’s not déjà vu. Massachusetts-based Tufts Health Plan announced today that mailed envelopes with transparent windows exposed the member identification numbers of 70,000 customers, echoing an incident last summer in which patient HIV information was breached in the same way.
The Tufts Health Plan data breach occurred when a vendor mailed ID cards to roughly 70,000 members of the Medicare Advantage plan between Dec. 11, 2017, and Jan. 2 of this year, according to the company. The lapse, however, didn’t disclose social security numbers, Medicare ID numbers, financial information, medical records, or insurance claims information, according to Tufts.
“Upon discovering the issue, Tufts Health Plan immediately worked with the vendor so that future mailings do not expose member ID numbers,” the company noted. “The health plan’s IT systems were not accessed or breached in any way.”
Healthcare Analytics News™ learned of the issue yesterday while combing through a federal healthcare data breach database and immediately contacted Tufts. Before a spokesperson responded this afternoon with a press release, dated February 16, HCA reported the breach in its February data breach rundown.
Tufts intends to notify affected individuals via mail this week. It has also established a call center to field questions. Medicare Advantage plan members may dial 1-855-269-6658 for the service.
This sort of data breach might seem archaic or even extinct, but a nearly identical incident plagued Aetna members last year. Even more consequential, however, that snafu exposed people who were taking drugs related to HIV. It ultimately resulted in a $17 million settlement between the insurer and class-action litigants, and Aetna might remain on the hook for more money.
Tufts Health Plan, meanwhile, serves more than 1.1 million people in Massachusetts, Rhode Island, and New Hampshire through a variety of plans, according to the company.
In 2014, a digital data breach put the names, dates of birth, and social security numbers of 8830 Tufts Health Plan members at risk, according to multiple reports.
Related
February's Reported Data Breaches: Over 140,000 Patients Potentially Impacted
Cybersecurity panel: Hospitals threatened by attacks aimed at vendors
November 4th 2024Chief Healthcare Executive presents another installment from our conversation on cybersecurity, with experts from the American Hospital Association, HIMSS and Providence. They talk about breaches tied to business partners.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.