DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Affinity Health Plan notifies over 409,000 of breach

Posted on April 20, 2010 by Dissent

Cross-posted from phiprivacy.net:

On April 5, Affinity Health Plan issued a press release concerning a “potential security breach” of customer, provider, and staff personal information.

According to the release, Affinity was informed on March 17 that an office copier leased previously by it and since returned to the leasing company might contain personal information on its hard drive. As of the April 5 statement, the company had not yet retrieved the hard drive nor had an opportunity to examine it, but according to the company, some of the personal information on the copiers may have included Social Security numbers, dates of birth, and medical information.

As a result of the situation, Affinity began contacting the leasing company to retrieve hard drives of other copiers it had leased in the past and is changing its practices with respect to scrubbing hard drives on leased equipment before it is returned.

Although the need to scrub or safely destroy copier hard drives has been discussed in security and privacy circles since at least 2002, Affinity admits that they were not aware of the risk:

“Like many organizations across the country, we were not aware copy machines contained hard drives that need to be wiped,” said Abbe Abboa-Offei, senior vice president of Customer & Community Connections. “Safeguarding the confidentiality of protected health information and other personally identifiable information of our customers is a priority for us, and we have immediately notified all those potentially affected as well as appropriate regulators and authorities.”

According to its statement, Affinity serves more than 250,000 members in an area that includes New York City, Long Island, and the surrounding counties of Westchester, Rockland and Orange.

In its notification to the NYS Consumer Protection board about the breach, the company indicated that 409,262 NYS residents were affected. A spokesperson for Affinity with whom I spoke yesterday explained that the 409,262 figure includes former and current employees, providers, applicants for jobs, members, and applicants for coverage, and represents the company erring on the side of caution as they have not yet concluded their forensic examination.

Although the spokesperson would not go beyond the press release and directly confirm that a breach had occurred, a report by CBS News on April 15 confirms that confidential information was on the hard drive, which had been found at a warehouse in New Jersey, ready to be sold:

But it wasn’t until hitting “print” on the fourth machine – from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

Whether other types of personally identifiable information, including SSN and employee or provider data, were on the drive remains to be confirmed.

Related Posts:

  • HHS settles with Affinity Health Plan in photocopier…
  • Police data on copiers causes city to scramble
  • Breaches recently reported to NYS
  • Affinity Health Plan notifies members of PHI breach
  • Affinity Gaming reports second data breach

Post navigation

← Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach
Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net