Important Health Plan Announcement
Important announcement for Health Plan members receiving pharmacy services managed by Magellan Rx Management:
On July 5, 2019 Magellan Health’s subsidiary, Magellan Rx Management, discovered a potential data breach related to protected health information of the following health plans:
- Posted on 11/13/19 – Florida Blue
- Posted on 11/13/19 – TennCare
Posted on 11/18/19 – Independent Health
- Posted on 11/22/19 – Emblem
- Posted on 11/27/19 – Alliant Health Plans
- Posted on 11/27/19 – ConnectiCare Inc
- Posted on 11/27/19 – Horizon BCBS NJ
We found that an anonymous, unauthorized third party accessed the email accounts of an employee who handles member data for various health plans. The unauthorized access occurred on May 28, 2019. We immediately secured the employee’s email account and conducted a thorough investigation of all employee email accounts and all other Magellan systems. We believe that the impacted employee may have been the target of a phishing scam and that the purpose of the unauthorized access to the email account was to send out email spam.
As a result of the hacking incident, member protected health information may potentially have been accessed. The affected email account contained protected health information that included health benefits information, which may have included member name, date of birth, member address, member ID, provider name, authorization determination and/or number, claim number, date(s) of service, drug name, billing codes, or benefit descriptions such as diagnosis or procedure. The employee’s email account also included the Social Security Numbers (SSN) of members of some health plans.
A third-party expert assisted in our investigation, which found no evidence that protected health information has actually been accessed as a result of this incident. We also found no compromise or unauthorized intrusion into any of our other systems used to handle member or provider personal information.
We have sent letters to impacted members of the hacking incident. Some individuals will be offered complimentary credit monitoring and identity theft protection services. If an impacted member is offered this, it will be indicated in the letter they received.
Members who have questions can call a dedicated toll-free helpline at 833-959-1351 (TTY 711). The helpline is open Monday through Friday, 9 a.m. – 9 p.m. Eastern Time. Members may also visit https://ide.myidcare.com/magellanhealthcare-nia-protect.
As always, we are committed to safeguarding the privacy and security of health plan member protected health information. Our Information Security team has implemented enhanced security and authentication measures to protect our email system. We are updating our required yearly employee training and other educational programs to help employees keep their computers more secure. We also notified law enforcement about this hacking incident.
At Magellan Health, we take the privacy of our clients’ and members’ information very seriously, and we apologize for the inconvenience and concerns this incident has caused them.