[BreachExchange] Health Share of Oregon transportation vendor, GridWorks, confirms data breach

[Destry Winant]

https://www.prnewswire.com/news-releases/health-share-of-oregon-transportation-vendor-gridworks-confirms-data-breach-300999722.html

On January 2, 2020, Health Share of Oregon learned that the personal
information of its members was located on a laptop stolen from
GridWorks IC, Health Share's contracted non-emergent medical
transportation (Ride to Care) vendor. The break-in and theft occurred
at GridWorks' office on November 18, 2019.

The member information located on the laptop includes members' names,
addresses, phone numbers, dates of birth, Social Security numbers, and
Medicaid ID numbers. Members' personal health histories were not
exposed.

"Though the theft took place at an external vendor, we take our
members' privacy and security very seriously. We are ensuring that
members, partners, regulators, and the community are made fully aware
of this issue," said Maggie Bennington-Davis, MD, interim CEO and
Chief Medical Officer. "We are committed to providing the highest
quality service to our members, which includes protecting their
personal information."

In response to this incident, Health Share is expanding annual audits
with its contractors, enhancing training policies, and ensuring that
all transmission of patient information is kept to the minimum
necessary to perform required duties.

About 654,362 individuals' personal information is reported to be involved.

On February 5, 2020, Health Share will mail letters to all members
whose information was stored on the computer. This letter will include
an offer of one year of free credit monitoring and identity
restoration services.

Health Share cannot confirm whether the person(s) who took the
computer found or used members' information. Therefore, we strongly
urge members who receive a letter about this incident to take
advantage of the services offered.

Health Share's letter will also include a description of the incident
and proactive steps that individuals can take to safeguard personal
information, including:

Signing up for free credit/identity monitoring and restoration
services (instructions on how to sign up for these services are
included in the letter from Health Share)
Monitoring financial statements carefully, and contacting the
appropriate financial institution immediately if suspicious or
unauthorized activity is found
Monitoring credit reports and Social Security benefit reports for
suspicious activity
Placing a fraud alert or security freeze on credit files
Contacting the Federal Trade Commission (FTC), Oregon's Attorney
General's office, or law enforcement to get more information about
protecting against identity theft or to report suspicious or
unauthorized activity
Reporting incidents of suspected or actual identity theft or fraud to
the FTC, Oregon's Attorney General, or law enforcement

Additional information on how potentially impacted individuals can
protect themselves is also available on Health Share's website:
HealthShareOregon.org.

About Health Share of Oregon

Health Share of Oregon is the state's largest Medicaid coordinated
care organization (CCO), serving OHP members in Clackamas, Multnomah,
and Washington Counties. Our mission is to partner with communities to
achieve ongoing transformation, health equity, and the best possible
health for each individual.

Health Share was founded and continues to be governed by eleven health
care organizations serving OHP members: Adventist Health, CareOregon,
Central City Concern, Clackamas County, Kaiser Permanente, Legacy
Health, Multnomah County, Oregon Health & Science University,
Providence Health & Services, Tuality Health Alliance and Washington
County.