Nintendo Health Plan breach impacts 6,248 (Updated)

It’s all fun and games until you have to report a breach involving your health plan to HHS.

Nintendo of America, Inc. notified HHS on February 26 of an incident impacting 6,248. The incident was coded as “Hacking/IT Incident” involving their Network Server, but that still covers a lot of possibilities. [CORRECTION: It was not their network server – see update below this post.]

There’s no notice on their web site at this time and I can find no press release explaining what happened.

This post will be updated as more information becomes available.

Updated March 8, 2016. Received an email from Nintendo of America today:

Roughly one year ago, health insurance providers Premera Blue Cross and Anthem announced that cyber-attackers had gained access to restricted data. As a result, information regarding the employees of many different companies, including Nintendo of America, may have been compromised.

There was no data breach at Nintendo.

Any questions regarding this issue will be best answered by Premera and Anthem.

Thanks to Nintendo of America for reaching out to this site.

And this, my friends, is another example of why HHS’s breach tool can be so misleading or confusing. Nintendo of America tried to responsibly report what happened to their members, but the way HHS codes things, it appeared that there were data hacked or stolen from a network server. Since “business associate present” was NOT checked, it would be a logical conclusion (but wrong, in this case) to think that it was their network server. I have repeatedly urged HHS to revise its breach tool to make the reports clearer and more understandable to prevent exactly these kinds of misinterpretations. In the meantime, apologies to Nintendo of America for the original description.

About the author: Dissent
