Posted On April 15, 2023 Consumer Privacy & Data Breaches

Protected Health Information Leaked in Santa Clara Family Health Plan Data Breach

April 15 – After discovering on March 30, 2023 that sensitive customer data in its possession had been breached, Santa Clara Family Health Plan (SCFHP) notified the Office for Civil Rights of the United States Department of Health and Human Services. According to the company’s official report, the breach exposed users’ protected health information, which may include medical records, current and former prescriptions, health insurance information, and Social Security numbers. When it became clear that customer information had been compromised, SCFHP immediately started notifying those whose personal information had been compromised.

Console & Associates, P.C., data breach lawyers, are now looking into the SCFHP data breach. Patients of Santa Clara Family Health Plan or those who have received breach notifications may have had their personal information exposed. We are providing free consultations to go over your legal options, including whether or if you have grounds to sue SCFHP for damages resulting from the data breach.

About Santa Clara Family Health Plan

Santa Clara Family Health Plan’s Cal MediConnect, SCFHP DualConnect. and Medi-Cal healthcare programs cover more than 320,000 individuals in the San Jose, California region. Santa Clara Family Health Plan was founded in 1997 and has since grown to employ over 241 people and earn $75,000,000 annually.

Information About the Santa Clara Family Health Plan Breach

While the Santa Clara Family Health Plan data breach has only just come to light, what is known so far has been gleaned via the company’s report with the U.S. Department of Health and Human Services Office for Civil Rights, also referred to as HHS-OCR. There was an incident involving hacking the company’s network server, but that’s about all the information supplied on the HHS-OCR data breach investigations website.

Santa Clara Family Health Plan is now reviewing the affected files to determine what information was leaked and how many customers were affected after discovering that sensitive customer data was made accessible to an unauthorized entity. Your PHI may have been compromised in a data breach, albeit the specific information compromised will vary from person to person. Health records that include at least one piece of information that may be used to identify you are considered “protected health information,” or PHI, and must be handled accordingly by your healthcare practitioner. If a patient’s name or Social Security number were associated with their test results, however, the findings would be considered protected health information (PHI).

Santa Clara Family Health Plan notified those whose personal information was affected in the recent data security incident through mail on March 30, 2023. The organization has said that the SCFHP data breach compromised the personal information of 276,993 people.

What Can A Hacker Do With Protected Health Information?

If you get a data breach notification from Santa Clara Family Health Plan, it means that your sensitive information, including medical records, may have been disclosed to a third party without your knowledge or consent. Perhaps you’re asking why it’s crucial that no one else see your protected health information. Just what use will it be to them?

It’s not uncommon for hackers to steal patient data and then sell it to an imposter seeking free medical services. They can use that data to impersonate you and get medical care in your name. If that happens, you may be stuck with a bill that isn’t yours for all their medical care. Furthermore, it may cause errors in the patient’s drug list or medical history.

Certain medical records are off-limits, though. All PHI is governed and labeled in accordance with HIPAA, the Health Insurance Portability and Accountability Act of 1996. Individually identifiable health information in any form or medium (electronic, paper, or oral) kept or transferred by a covered organization or its business partner is considered PHI under the “Privacy Rule.”

HIPAA protects 18 different identifiers, including:

• Name;
• Any dates that are more specific than a year (date of birth, discharge dates, date of death, etc.) related to a patient;
• Geographic locations less than a state, like a city, county, street name and number, zip code, etc.;
• Medical record number;
• Account numbers;
• Social security number;
• Phone number;
• Email address;
• Fax number;
• Certificate and license number;
• Vehicle identifiers, like license plate numbers;
• Health plan beneficiary numbers;
• Internet protocol (IP) address;
• Device identifiers;
• Web URL;
• Full-face photographs and photos of other identifying characteristics;
• Biometric IDs, such as voice or a fingerprint; and
• Any other unique identifying characteristic.

If You Have Been Affected by Santa Clara Family Health Plan Data Breach, Console & Associates, P.C. Can Help

The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Santa Clara Family Health Plan data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.