Health Plan of San Joaquin notifying more than 420,000 of email hack last year

On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a  number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020. Yesterday, HPSJ sent out notifications and notified the Maine Attorney General’s Office of the incident, reporting that “the information that could have been subject to unauthorized access includes name, address, and Social Security number.”  Their notification did not indicate what else it included or whether all those being notified were health plan members or also included any employees or dependents.  DataBreaches.net has sent an email inquiry to HPSJ requesting clarification on how many people had ePHI potentially accessed or viewed and will update this post if a response is received. Although the health plan says they do not know for sure what was possibly accessed or viewed, those being notified were offered 12 months of credit monitoring with Equifax. All told,  420,433 have been sent notifications of this incident, which has not (yet) shown up on HHS’s public breach tool. The notification to regulators does not indicate how many employee email accounts were compromised, and whether they were all compromised by phishing or some other method      DataBreaches.netRead More