[BreachExchange] 122, 000 Providence Health Plan customers may be affected by data breach

Destry Winant destry at riskbasedsecurity.com
Tue Sep 3 09:56:58 EDT 2019


The personal information of as many as 122,000 customers of Providence
Health Plan’s dental program in Oregon may have been compromised in a
security breach at the program’s administrator, Virginia-based
Dominion National.

The timing of the breach? Dominion doesn’t really know, but said it
may have started up to nine years ago.

The company sent an ambiguous letter to Providence customers this
month saying an unauthorized party may have accessed its computer
servers and personal information. The security problem did not occur
on Providence servers, but could affect some 2.9 million individuals
nationwide whose insurance plans use Dominion as an administrator.
Dominion said the unauthorized access may have occurred as early as
April 2010.

Gary Walker, a spokesman for Providence, said the company has only
been using Dominion as an administrator since 2015, so its customers’
potential exposure was for a shorter period.

While Dominion discovered the potential breach in late April, it took
nearly four months to notify customers. Dominion said the unauthorized
parties may or may not have accessed customers’ personal information,
including names, addresses, dates of birth, social security numbers,
and insurance information.

Jeff Schwab, vice president of marketing for Dominion, said he could
not provide any additional information on the nature of the breach,
why it may have spanned such a long period, and why it took so long to
both detect and to notify customers. He said an investigation
involving the FBI and other data security experts was ongoing.

The company is asking customers to monitor their insurance statements
and explanation of benefits forms for unauthorized activity, and is
offering them two years of free credit monitoring and fraud protection
services, he said. Affected customers can call Dominion National’s
incident response line at 877-503-8923.

More information about the BreachExchange mailing list