Fort Lauderdale, Fla.-based 20/20 Eye Care Network began notifying 3,253,822 patients that their files were potentially removed and then deleted from the health plan's networks, according to a news release on the incident.
Four things to know:
- On Jan. 11, the Florida payer was alerted to suspicious activity in its Amazon Web Services network. It promptly reviewed access credentials to the AWS environment, and credentials were reviewed and deactivated or reset appropriately.
- The company launched an investigation, which determined that on Jan. 11, data was potentially removed from the host network and all the data was then deleted.
- In late February, the investigation concluded that breached information included some or all health plan members for whom it had records. Exposed data includes Social Security numbers, birthdates and insurance-related information.
- The health plan is working to implement additional safeguards and training for its employees. The report filed with the Maine Attorney General discloses the incident as "insider wrongdoing"; however, it is unclear how that played a part in the breach.
Becker's Hospital Review has reached out to 20/20 Eye Care Network and will add any additional updates.