Flint, Mich.-based McLaren Health Plan began notifying members Nov. 27 of a phishing attack at one of the insurer's third-party vendors, according to mlive.com.
Magellan Rx Management, which was contracted with McLaren Health Plan through Dec. 31, 2018, discovered that an employee's email account was affected in a phishing attack. The vendor learned of the phishing attack in July.
Patient data that may have been exposed included names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information and authorization information.
McLaren Health Plan was notified about the incident in October. Magellan Rx does not believe that any member information has been misused. The third-party vendor said the unauthorized person used the email to send out spam.