Community Health Plan of Washington is notifying its members that their personal information may have been accessed without authorization.
Community Health Plan of Washington launched an investigation and a digital forensics firm was brought in to determine whether member records were accessed without authorization. The investigation revealed that the initial unauthorized access occurred on Jan. 16.
The investigation revealed that members’ names, addresses, dates of birth, Social Security numbers and certain coding information related to health care claims may have been accessed. Banking and credit information were not contained in the accessed data.
As soon as the plan learned of the unauthorized access, it took immediate steps to disable access to the server storing the information, the plan said in a news release.
Community Health Plan, which provides managed care to more than 17,000 Medicaid members in Clark County, notified the Washington State Health Care Authority and the Washington State Office of the Insurance Commissioner of the data breach. The plan also alerted the Federal Bureau of Investigation.
Community Health Plan began notifying affected members of the breach on Dec. 21. All affected members are being offered free credit and identity monitoring services for 12 months and access to a dedicated hotline and email address for questions.
The plan is also working with its technology services provider to increase security of all member information and to prevent similar incidents in the future.
“Our highest priority is the protection of our members’ confidential information and their trust,” said Leanne Berge, CEO of Community Health Plan, in a news release. “As a community health center-focused, not-for-profit we have the duty to provide transparency in our work and are committed to providing all the resources that our members need to understand this incident and protect themselves.”