Wellsboro, Pa.-based Soldiers and
Universal American emailed the hospital requesting claims information on a specific list of Medicare supplemental insurance beneficiaries. On Dec. 5, 2013, a hospital employee responded and provided more information than was requested by the health insurance company for the Medicare beneficiaries on the list and also provided personal and health information of patients who were not on the list of beneficiaries, according to a breach notification letter sent to the Maryland Attorney General.
All of the information was sent in an unencrypted email to Universal American. The email included patients' names, addresses, Social Security numbers, dates of birth, health insurance information, payment information, encounter identification numbers, physician names and diagnosis codes, according to the notification letter.
Susquehanna Health was notified of the breach March 6, and immediately began an investigation into the matter. Through the investigation, Susquehanna Health learned Universal American had released the patients' information to one of its subcontractors for data analysis, according to the notification letter.
As a result of the breach, Susquehanna Health is offering all affected patients one year of identification theft protection and credit monitoring, according to the breach notification.
More Articles on Data Breaches:
Albany Medical Center Nurse Charged With Stealing Patients' Identities
Boulder Foothills Hospital Patients Receive Medical Records in Mail From Anonymous Whistle-Blower
UMass Memorial Medical Center Notifies 2,400 Patients of Compromised Data