State insurance provider TennCare began notifying 43,847 members Nov. 8 that their information may have been exposed in a security incident at the agency's pharmacy management vendor, according to the Tennessean.
Vendor Magellan Health System discovered in July that an employee had fallen victim to a phishing attack, giving an unauthorized third-party access to client information. Magellan informed TennCare of the incident in September.
Member data that may have been exposed included names, Social Security numbers, member identification numbers, health plans, provider names and the names of drugs that members have been prescribed.
Magellan said there is no evidence that member information has been used.