Tufts Health Plan Members’ PHI Exposed in EyeMed Phishing Attack

HIPAA Journal

Steve Alder

60,545 members of Tufts Health Plan have had their protected health information exposed in a phishing attack on the vision benefits management company EyeMed.

The phishing attack occurred in June 2020 and was discovered by EyeMed on July 1, 2020. Access to the breached account was terminated the same day. EyeMed notified Tufts Health Plan about the breach in September 2020.

The compromised email account contained the following types of protected health information: Names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, health insurance account/identification numbers, Medicaid or Medicare numbers, driver’s license or other government identification numbers, and birth or marriage certificates. Partial or full social security numbers and/or financial information, medical diagnoses and conditions, treatment information, and/or passport numbers were implicated for some individuals.

Affected individuals have been ...

Get the Morning Update

Thanks for subscribing!