Third-Party Breach Exposed 31K Patient Records
January 11, 2019 / Kacy Zurkus
The healthcare sector continues to be the target of cyberattacks, with Managed Health Services (MHS) of Indiana Health Plan announcing recently that a third-party data breach potentially exposed up to 31,000 patients' personal data in one of two security incidents the company has disclosed in the past month. The organization reportedly manages Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid programs. “MHS learned from its vendor, LCP Transportation, that unauthorized persons had gained access to some of their employees’ email accounts. This access took place sometime between July 30 and September 7, 2018,” the news release stated. On October 29, 2018, MHS launched an investigation after learning that protected health information, including names, insurance ID numbers, addresses, dates of birth, dates of service and descriptions of medication conditions, was possibly disclosed.