Arizona Complete Health notifies plan members of Accellion breach

On February 26, Arizona Complete Health notified plan members of the Accellion breach. According to the notification (see below), the threat actors (who have since self-identified as CLOP) were able to “view or save” member information between January 7 and January 25, 2021.

The types of ePHI involved included insured members’ name and one or more of the following:

  • Address
  • Date of birth
  • Insurance ID Number
  • Health information, such as your medical condition(s) and treatment information

As part of its response to the incident, the covered entity offered those affected credit monitoring and identity theft restoration services for one year.  They also reviewed their processes for sharing data to make sure they are not at risk to a similar attack, and “Stopped using Accellion’s services and removed all of our data files from its system.”

On March 2, AzCH reported this incident to HHS as impacting 27,390 plan members.  The health plan is not listed on the threat actors’ dedicate leak site at the time of this publication.

Other Entities Also Reporting Protected Health Information Involved in Accellion Breach

AzCH is not the first Accellion client to report ePHI was involved in the breach:

We do not have numbers for most of the reports yet and there will likely be other entities that we will discover who were also impacted.

AZCH_Member Notice oF Accellion Breach


About the author: Dissent

Comments are closed.