[BreachExchange] Providence business associate coding error exposes info of 49, 511 health plan members

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/providence-business-associate-coding-error-exposes-info-of-49-511-health-plan-members.html

Providence Health Plan business associate Zipari in April notified the
health insurer that a coding error allowed unauthorized users to
access certain unencrypted enrollment documents for small group health
plan members.

Portland, Ore.-based Providence Health Plan reported the security
incident to HHS on June 16 as impacting 49,511 members. After
discovering the incident on April 9, Zipari launched an investigation
and found that certain Providence Health Plan enrollment documents
were accessed by unauthorized IP addresses in May, September and
November of 2019.

Information accessed was limited to small employer group renewals,
including employer names, member names and member dates of birth. No
medical history, health information, Social Security numbers or
financial information was exposed.

Providence Health Plan had hired Zipari to prepare enrollment
documents for employer-sponsored plans in the small group market. The
tech services company fixed the coding error and has implemented
additional access controls to prevent unauthorized access to files,
according to a notice published on Providence Health Plan's website.

Providence Health Plan is offering identity theft protection services
to individuals affected by the incident and is arranging a third-party
audit of Zipari's data security practices.