Bob Young reports:
Almost 400,000 current and former members of the Community Health Plan of Washington have had personal information, including Social Security numbers, exposed in a data breach.
The nonprofit, which provides health insurance through Medicaid in Washington, is sending letters to 381,534 individuals Wednesday notifying them of the invasion and steps they can take to protect themselves with help from Community Health Plan of Washington.
Read more on The Seattle Times. The incident appears to involve an unnamed business associate/vendor that is a subsidiary of NTT Data.
UPDATE: It appears that this breach is yet another caused by a public FTP server, and that it was discovered by a security researcher who reported it to them. Interesting that the reporting says “invasion,” and I’ll be interested to see how the covered entity explains this breach to its members. In the meantime, I’m changing the tags on this incident from “hack” to “exposure.”
UPDATE 2: And now we know the name of the BA: Transaction Applications Group Inc., doing business as NTT Data, who processes claims for CHPW. Read more on GovInfoSecurity. It sounds like CHPW may be building a case of hacking against the researcher.