Gold Coast Health Plan warns of data breach

Oct. 12, 2018

Gold Coast Health Plan said about 37,000 clients’ health information may have gotten into crooks’ hands due to a data breach.

Potentially affected by the breach are clients whose claim information was sent by email. The data included health plan ID numbers, dates of medical service, and in some cases, names, dates of birth, and medical procedure codes, Gold Coast said in a news release.

The attackers did not gain access to clients’ Social Security numbers or financial information, according to Gold Coast, a publicly funded entity that administers Medi-Cal health insurance to nearly 200,000 low-income residents of Ventura County.

Not all of those affected had the same information breached, the agency’s public relations manager, Susana Enriquez-Euyoque, said. For some, only one element was disclosed, she said, while others had two or more items compromised.

Those affected by the breach, totaling about 37,000 people, will be notified by mail, Enriquez-Euyoque said.

Officials with the health plan believe the attackers were trying to fraudulently transfer Gold Coast funds to their account. Gold Coast, however, said it is not aware that any misuse or attempted misuse of the information has occurred.

Gold Coast urged those affected to check their credit reports and look for suspicious medical bills. Gold Coast said it is offering identity theft protection services through ID Experts and providing affected clients with MyIDCare.

The data breach was linked to a phishing email attack, according to Gold Coast. In such an attack, hackers often send a fake link that appears to be tied to a legitimate site. When the victim clicks on the link, data can be compromised.

The attack compromised one employee’s email account, giving the attacker access to emails sent to the account between June 18 and Aug. 1, Gold Coast said.

Gold Coast said that when the problem was discovered on Aug. 9, it halted the attack, notified law enforcement authorities, disabled the compromised account, required a password change, maintained heightened monitoring, had a cybersecurity firm assess the problem, improved information security, and worked on educating employees about security issues, with an expanded focus on phishing emails.

VC Star has the full story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...