A third-party vendor's security breach will affect approximately 2,000 MassHealth patients' PHI on July 29, 2021. The latest data incident was disclosed by Standard Modern Company, a third-party vendor that interacts with MassHealth, and it affects certain medical records (PHI) of Massachusetts citizens.
Standard Modern Company, located in New Bedford, is a vendor for the Massachusetts Executive Office of Health and Human Services that sends out emails to MassHealth subscribers. On July 20, SMC notified the US Department of Health and Human Services' Office for Civil Rights of the hacking incident.
According to the OCR, the breach impacted 2,707 people. SMC was alerted on May 24, 2021, that certain MassHealth members received messages containing personal information about other members that were delivered between May 10, 2021, and May 18, 2021, as per the data breach notice statement published.
SMC instantly ceased emailing to MassHealth subscribers after discovering the occurrence and launched an investigative report to establish the main cause. According to the news, an implementation mistake resulted in the printing of erroneous locations on a small number of alerts due to an internal software problem.
SMC halted the usage of this proprietary program and added extra controls and processes to avoid a recurrence of the problem. SMC has subsequently distributed the right information to MassHealth subscribers who were affected.
Members' identities, contact numbers, the last four digits of their Social Security numbers, and birth dates were all exposed in the cyber attack.
There are "no indications that any data was abused," according to the notification.
According to officials, “these letters to MassHealth members were suspended until the impacted individuals were identified and the underlying cause of the situation was established when we began our investigation of this issue.”
“We ceased using the application that caused the problem and established new controls and processes to enhance mailing procedures and avoid the incident from reoccurring,” they continued. In addition, to assist us in our investigation and reaction, we partnered with a renowned confidentiality law firm.
SMC has set up a helpline for those who have been affected. Call 800-405-6108 from 8 a.m. to 8 p.m. Monday through Friday if you need further information. From the date of this notification, representatives will be accessible for 90 days.
The letter ends, "Our investigation has given us no cause to suspect that documentation has been further used in an unlawful manner."
“However, if you are worried about the possible misuse of personal information, there are certain things you can do. Individuals should constantly examine account statements on a regular basis and report any unusual behavior to financial institutions.”
