No information is available on whether the data obtained has been inappropriately used, Humana says.
Humana has notified 522 members in Texas that a limited amount of their personal information may have been exposed through unauthorized access to an authorized provider web portal.
Unauthorized third parties posing as physician provider groups successfully registered onto Availity, one of Humana’s authorized service providers’ web portals, and requested eligibility and benefit verification of health plan members by using certain personal information they already possessed, Humana said.
Providers use Availity’s web portal to check eligibility and benefits for multiple health plans.
The information exposed includes names, Humana member identification numbers, plan effective dates, benefit information and care reminders, which let doctors know if Humana’s records indicate a need for a screening, lab test or other treatment.
There is no reason to believe that full Social Security numbers, banking or credit card information was exposed, Humana said.
To date, Humana and Availity have no information indicating whether the data has been inappropriately used.
The incident was complex in nature and affected a number of different health insurance carriers, Humana said.
Availity discovered the incident while conducting an internal review on Feb. 14, 2019. The time frame of the breach ranged from Jan. 15, 2016 to Feb. 21, 2018.
While Availity has policies and procedures in place to maintain the security of customer’s information, it has taken additional steps including additional access requirements and enhanced monitoring, Humana said.
Humana said it regrets any concerns this incident may have caused and is offering identity theft protection product for one year for impacted Humana members.
Texas leads the country in reported breaches involving hacking, according to KERA news.
Nationwide, cyber criminals stole the health records of more than nine million Americans last year.
Date: April 11, 2019