Posted On April 2, 2023 Consumer Privacy & Data Breaches
April 2, 2023 – Health Plan of San Mateo (HPSM) discovered that a third party had gained access to an employee’s email account with the private information of members, and as a result, HPSM filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights on March 17, 2023. The issue led to illegal access to consumers’ names, dates of birth, protected health information, and member ID numbers, according to the report. Once it was established that customer data had been compromised, HPSM started notifying everyone who had been affected by the security threat.
Understanding what is at risk is crucial if you get a notification of a data breach. On behalf of the individuals whose information was compromised, the data breach lawyers at Console & Associates, P.C. are actively looking into the Health Plan of San Mateo data breach. We are offering free consultations as part of this investigation to anyone who has been impacted by the breach and is curious to learn more about the dangers of identity theft, tips for protection, and potential legal recourse against The Health Plan of San Mateo.
Health Plan of San Mateo provides health plans in San Mateo County, including Whole Child Model, HealthWorx HMO, San Mateo County ACE Program, CareAdvantage, and Medi-Cal. HPSM, based in South San Francisco, California, serves nearly one in every five residents in San Mateo County, equaling approximately 155,000 individuals. Health Plan of San Mateo, which opened its doors in 1987, today employs over 275 people and brings in over $252 million in income annually.
According to a report submitted to the Office for Civil Rights of the U.S. Department of Health and Human Services and a notice published on the business’ website, HPSM discovered on January 17, 2023 that an unknown third party had gained access to an employee’s email account through a phishing attack. Third-party cybersecurity specialists were hired by HPSM to conduct an investigation into the breach and ascertain whether any member data was compromised as a result.
The HPSM review verified that members’ private information was present in some of the files that were accessed by the unauthorized party. Your name, date of birth, protected health information, and member ID number may have been included in the breach, though the information varies by individual.
On March 17, 2023, Health Plan of San Mateo sent data breach notification letters to anyone whose information was impacted by the cybersecurity attack.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Health Plan of San Mateo data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the notice posted on their website:
The Health Plan of San Mateo (“HPSM”) is committed to protecting the confidentiality and security of our members’ information. This notice is to inform our members and their guardians, where appropriate, of a recent email phishing incident that may have involved some of that information.
On January 17, 2023, HPSM became aware of unauthorized access within our employee email environment. With the assistance of a cybersecurity firm, HPSM determined that an unauthorized person gained access to one email account on January 17, 2023. The evidence suggests that this was an attempt to fraudulently change the employee’s direct deposit information — and not to access personal or plan member information. However, because HPSM could not rule out the possibility that member information may have been viewed, they reviewed all emails and attachments in the mailbox.
HPSM’s review identified a spreadsheet documenting calls to the nurse advice line available to HPSM members. This spreadsheet included member names, dates of birth, member identification numbers, and some limited information regarding one or more calls made to the nurse advice line. The email account did not contain social security numbers, claims information, or financial information.
HPSM is mailing letters to all affected members. If you believe you are affected by this incident and do not receive a letter by April 7, 2023, please call (866) 869-7294, Monday through Friday 8 am – 5:30 pm CST (excluding major U.S. holidays). Although we have no indication that any information will be misused, in an abundance of caution, we are recommending that members review their healthcare statements for accuracy and report any services not recognized to their provider.
HPSM takes member privacy and confidentiality very seriously. To help prevent a similar incident from occurring in the future, HPSM has further enhanced its existing security measures and is providing additional training to HPSM employees on how to detect and avoid phishing emails.