The personal information of as many as 122,000 customers of Providence Health Plan’s dental program in Oregon may have been compromised in a security breach at the program’s administrator, Virginia-based Dominion National.
The timing of the breach? Dominion doesn’t really know, but said it may have started up to nine years ago.
The company sent an ambiguous letter to Providence customers this month saying an unauthorized party may have accessed its computer servers and personal information. The security problem did not occur on Providence servers, but could affect some 2.9 million individuals nationwide whose insurance plans use Dominion as an administrator. Dominion said the unauthorized access may have occurred as early as April 2010.
Gary Walker, a spokesman for Providence, said the company has only been using Dominion as an administrator since 2015, so its customers’ potential exposure was for a shorter period.
While Dominion discovered the potential breach in late April, it took nearly four months to notify customers. Dominion said the unauthorized parties may or may not have accessed customers’ personal information, including names, addresses, dates of birth, social security numbers, and insurance information.
Jeff Schwab, vice president of marketing for Dominion, said he could not provide any additional information on the nature of the breach, why it may have spanned such a long period, and why it took so long to both detect and to notify customers. He said an investigation involving the FBI and other data security experts was ongoing.
The company is asking customers to monitor their insurance statements and explanation of benefits forms for unauthorized activity, and is offering them two years of free credit monitoring and fraud protection services, he said. Affected customers can call Dominion National’s incident response line at 877-503-8923.
Date: September 10, 2019
Source: Oregon Live