Dominion National server hack from August 2010 exposed PHI of 2.9 Million plan members

Dominion National, a health plan administrator, an insurer, as well as administrator of the dental and vision benefits, based in Virginia is notifying the patients that their medical and personal data was possibly breached during an almost nine-year hack on their servers.

Dominion National has been notified regarding a security incident by an internal alert. So, it immediately retained one of the topmost cybersecurity company and an internal investigation was launched. The investigation about the cyberattack finished on Apr. 24, 2019. Dominion National determined that hackers gained unauthorized access to a few of their computer servers and systems for the first-time on Aug. 25, 2010 (i.e. almost nine years before this investigation got completed).

The comprehensive forensic analysis as well as review of the affected data has confirmed that the hackers were possibly able to access demographic and enrollment data of the former and current members of Dominion National's vision plan, PHI of the individuals who were members of the health plans for whom Dominion National provides administration services, as well as data of the individuals who are affiliated to the dental and vision benefits. The servers also have data of the plan producers along with participating healthcare providers.

Types of information that was involved varied from person to person, but might have included the names, Social Security numbers, dates of birth, taxpayer ID numbers, addresses, email addresses, bank account as well as routing numbers, group numbers, subscriber numbers, and member ID numbers.

All the potentially affected individuals have been notified, and were offered two years of free membership to identity theft protection and credit monitoring services. Besides, Dominion National also has cleaned all the affected servers, as well as implemented the enhanced monitoring and alerting software in order to avoid such kind of incidents from occurring in the future.

As per the summary that was published on breach portal of HHS' Office for Civil Rights, 2,964,778 plan members PHI got exposed.

Although access to system was confirmed, the Dominion National did not find any evidence that will suggest any kind of patient data has been accessed, misused or acquired by the individual or individuals who is responsible for this attack. The breach notification letters have been mailed on Jun. 21, 2019.

Mike Davis, Dominion National President, said in one statement that "we recognize the frustration and concern that this news may cause, and rest assured we are doing everything we can to protect your information moving forward. We are committed to making sure you get the tools and assistance you need to help protect your information".

» SPAMfighter News - 7/22/2019