Vendor Breach Impacts State Employees
Subcontractor Incident Involves 60,000 Tenn. Health Plan Members
Tennessee government employees are being warned about a data breach involving a subcontractor for the state's wellness vendor, Healthways, which resulted in the exposure of sensitive information.
See Also: The Guide to Just-In-Time Privileged Access Management
The subcontractor, Onsite Health Diagnostics, offers employee health screenings to the state's health plan members. Onsite says it determined through an investigation that an unknown source gained unauthorized access to one of its computer systems during the period from Jan. 4 to April 11, possibly accessing information on 60,000 individuals, according to a notice posted to the state's Benefits Administration website.
Information that might have been accessed includes names, dates of birth, addresses, e-mail addresses, phone numbers and gender. Social Security numbers, employee ID numbers and other medical information were not compromised, Onsite says.
In order to provide its services, Onsite says it stores some personal information of health plan members. "OHD and investigating authorities are unaware of any identity theft related to this incident, but out of an abundance of caution, OHD has mailed letters to the affected health plan members to ensure that they are aware of the incident and can take steps to protect their information," the subcontractor says.
Impacted individuals are being offered free identity theft protection services for one year through ID Experts. The service also includes a $20,000 insurance reimbursement policy in the event of identity theft and access to fraud resolution representatives, Onsite says.