Ingenix discovers it may have been exposing health service providers’ SSNs for up to 5 years

This is one of those breaches where I really don’t blame the company, which in this case is Minnesota-based Ingenix.

Ingenix provides web-based lookups so that patients can find providers in their area covered by their health plan.  The provider  data Ingenix uses is provided by the health plans or preferred provider plans themselves.

Ingenix recently discovered that in some cases, the health plans or preferred providers had used the providers’ Social Security Numbers as provider identification numbers.  Thus, when someone looked up that provider through Ingenix’s search tool, the provider’s SSN was exposed, even though it was not identified as a Social Security Number and may not have been readily apparent as such.  In some cases, providers’ SSN may have been available for five years.

Ingenix reported the issue to the New Hampshire Attorney General’s Office on January 6.  Their notification letter indicates that they have offered 142 providers in New Hampshire free credit monitoring and credit restoration services.  The total number of providers notified was not mentioned in the notification.

Providers can enroll for protection through a web site set up for them by ID Experts at

About the author: Dissent

Comments are closed.