MN: PrimeWest Health notifies members of Summit Reinsurance incident

Another entity affected by the Summit Reinsurance ransomware attack in March, 2016 is first notifying individuals of the incident.

See this report about PrimeWest Health. The insurer notified HHS of the incident on December 29, reporting that 2,441 members were affected.

The reinsurer’s breach was discovered on August 8, 2016, and yet affected entities are first disclosing the breach in December and January? That’s a long gap between initial discovery by the BA and notification by the covered entity. I hope they have a good reason for it when HHS/OCR investigates.

Update and Correction: A reinsurer is not a business associate under HIPAA.

Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
KT Chief to Resign After Cybersecurity Breach Resolution
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm

Related: