DANVILLE — Some protected health information of certain Geisinger Health Plan members may have been affected by a security incident at Magellan National Imaging Associates (NIA), a vendor hired by the health plan to manage radiology benefits. Geisinger no longer uses Magellan NIA for radiology benefits.
Magellan alerted Geisinger to the issue on Sept. 24 following an investigation that began on July 5, when Magellan discovered that the email account of one of its employees had been sending out large volumes of spam email, Geisinger announced on Monday.
Magellan provided a list of impacted members on Oct. 3 and sent letters on Friday to notify them of the potential breach. The data that may have been exposed could have included their name, patient/client ID, type of service, authorization ID, and diagnosis.
The investigation revealed that several unauthorized mailbox authentications and connections originating from outside the United States had been occurring on this employee’s email account since May 28. It is believed that the unknown individuals were able to obtain the employee’s email log-in credentials through a phishing attack or other fraudulent means.
Magellan believes that the intruder was attempting to access the account solely to send out the spam emails and had no intentions to retrieve or view member data, Geisinger said. However, Geisinger is treating this incident as a breach because it could not be definitively determined if any emails were accessed, viewed or downloaded.
Magellan has informed Geisinger that it has taken steps to further secure all employee email accounts by disabling certain email protocols on all mailbox accounts, establishing relevant geofencing, and implementing Microsoft’s Password Hash Sync as well as other similar measures. Magellan also determined that none of its other systems experienced any unauthorized access aside from the impacted email accounts.
“Geisinger is committed to protecting the privacy of our members,” said Geisinger Chief Privacy Officer John Signorino. “We worked closely with Magellan to make sure all affected members were identified and properly notified. Although all evidence points to the fact that the intruders only intended to issue spam emails, in an abundance of caution we are offering all of our affected members complimentary credit monitoring and encourage them to sign up by following the instructions in the letters they received.”