Academic HealthPlans, Inc. Identifies and Resolves a Data Security Incident
VINE, Texas, July 20, 2021 /PRNewswire/ – Today, Academic HealthPlans, Inc. (“AHP”) announced that it has resolved a data security incident that may have resulted in unauthorized access to information relating to student health plans it administers.
Following the conclusion of its investigation of suspicious activity involving an employee’s email account, AHP determined that an email phishing attack targeting AHP employees may have resulted in unauthorized access to emails and attachments in the email accounts of two employees.
While no evidence was found during the investigation that emails in employee accounts had in fact been acquired or viewed, AHP could not rule out this possibility. The investigation, which AHP concluded on June 4, 2021, determined that the email accounts of two AHP employees were subject to unauthorized access as a result of the phishing incident between the dates of August 6, 2020 and August 24, 2020, and on October 2, 2020. The investigation confirmed that unauthorized access was limited to AHP’s cloud-based Microsoft Office 365 messaging system and did not involve AHP’s registration waiver platform or any other AHP system.
Subsequently, AHP undertook a comprehensive and time-consuming programmatic and manual review of all data that could have been included. This in-depth review process was undertaken to identify what type of information was involved and to whom the information pertained. AHP then correlated the results of this data review with its files to identify health plans and self-insured universities associated with the information. Based on this review, AHP determined that emails or attachments in employee email accounts contained information about student members, including names, dates of birth, social security numbers, health insurance membership numbers, claim information, diagnosis and treatment information.
Between June 21, 2021 and July 7, 2021, AHP provided written notification to health plans and self-insured universities whose member information may have been involved in this incident and offered to provide notice to those members and applicable regulatory bodies on their behalf. From June 29, 2021, the various health plans and self-insured universities responded positively to the notification offer.
On July 20, 2021, AHP started sending letters to people whose information may have been involved in the incident. AHP offers free credit monitoring and identity theft protection services to eligible individuals. AHP has also set up a dedicated, toll-free call center to answer questions that individuals may have. If individuals have questions, they should call 855-545-2003, Monday through Friday, between 8:00 a.m. and 5:30 p.m. Central Time. Additional information is also available at: https://www.ahpcare.com/.
AHP recommends that people regularly review the explanation of benefits received from their health insurer. If they see any services they did not receive, they should contact the insurer immediately.
AHP regrets any inconvenience or concern this may cause. To prevent a similar incident from happening again in the future, AHP provided extensive training to its employees regarding phishing emails and other cybersecurity issues and improved existing security measures.
SOURCE Baker & Hostetler LLP