What is the issue - Sharecare Health Data Services (SHDS) suffered a network hack compromising patients data of AltaMed Health Services Corporation and Blue Shield of California.
Sharecare Health Data Services is a third-party vendor that provides medical records management services to AltaMed and Blue Shield.
What happened - On June 22, 2018, Sharecare detected abnormal activity within the SHDS network. The third-party vendor immediately conducted an investigation and found that an unauthorized third-party gained illegal access to SHDS network and its files containing medical records of AltaMed and Blue Shield.
The network hack actually began on May 21, 2018. However, SHDS notified AltaMed and Blue Shield on December 31, 2018.
Upon learning about the incident, AltaMed and Blue Shield notified its members and patients on February 15, 2019. AltaMed has notified almost 5767 California residents about the incident, meanwhile, Blue Shield reported that the data breach has impacted nearly 18000 individuals.
What was exposed - The exposed data included patients’ names, addresses, dates of birth, unique identification numbers, names and addresses of clinics, names of health care providers, medical record numbers, and internal SHDS processing notes.
However, no social security number, driving license number, payment card details, or medical information were involved in the breach.
What actions were taken?
“Since receiving notice from SHDS about this incident, AltaMed has worked diligently to learn as much as possible about it and to identify those AltaMed patients whose information may have been affected for purposes of notification. According to SHDS, SHDS has also taken affirmative steps to respond to this incident and to help prevent similar incidents from occurring in the future,” AltaMed said in an official statement.
“Blue Shield takes this situation seriously and is committed to protecting the privacy of its members. Blue Shield is working with Sharecare to ensure that Sharecare’s increased cybersecurity protections meet Blue Shield’s strict cybersecurity requirements. Blue Shield will provide all impacted individuals with free credit monitoring and identify repair services from AllClear ID at no cost to the affected members,” Blue Shield of California said in an official statement.