Business Associate Email Breach

An email breach at Magellan National Imaging Associates claims another covered entity victim, Geisinger Health Plan. Magellan, hired by the health plan to manage their radiology benefits, discovered on July 5 that an employee’s email account was compromised. The account in question had been sending out spam emails originating from outside of the U.S. since May.

Although Geisinger is unable to determine whether protected health information (PHI) was accessed in the email breach, it is notifying 5,848 members of the potential breach. The data potentially viewed included patient names, types of service, diagnoses, patient identification numbers, and authorization identifications.

In response to the incident, John Signorino, chief privacy officer at Geisinger, stated, “We worked closely with Magellan to make sure all affected members were identified and properly notified. Although all evidence points to the fact that the intruders only intended to issue spam emails, in an abundance of caution we are offering all of our affected members one year of credit monitoring services through Experian and encourage them to sign up by following instructions in the letters they received.”

Strengthening Security After an Email Breach

Since the email breach, Magellan has increased its email security procedures. It has implemented geofencing and password hash synchronization, and has disabled some email protocols across all email accounts. However, Geisinger has ceased business with the vendor.

Managing business associates (BAs) can be a difficult undertaking. Ed Gaudet, CEO and founder of Censinet, which operates a cloud platform for vendor risk management, stated, “Provider executives and board members must begin to implement proactive, automated approaches to risk management, arming them with the ability to make dynamic, informed decisions in real-time, lower costs and avoid data breaches such as this one.”
