Insurance Fraud NEWS
Insurer Dominion national reports server hack that began August 2010
June 24, 2019, Richmond, VA
Virginia-based Dominion National is notifying patients that their personal and medical data was potentially breached during a nearly nine-year hack on its servers. Dominion is an insurer and administrator of dental and vision benefits and also serves as a health plan administrator.
Officials received an internal alert about unauthorized access and launched an investigation. They discovered an unauthorized party accessed some of Dominion National’s computer servers, beginning as early as August 25, 2010 – nearly nine years before the investigation concluded on April 24, 2019.
The notice did not explain what spurred the internal alert, nor when they first discovered the hack. However, the notice was sent about 60 days after the investigation concluded. It's important to note that under HIPAA, covered entities are required to report breaches within 60 days of discovery.
Upon discovery, officials said they took steps to quickly clean the impacted servers and launched a review. Dominion National determined the hackers were potentially able to access enrollment and demographic data of current and former members of the insurer’s vision plan, and data of individuals of dental and vision benefits. The servers also contained the data of plan producers and health providers.
The compromised data varied by individual, which could include names, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, subscriber numbers, addresses, and email addresses.
According to officials, the insurer has since enhanced its monitoring and alerting software. Dominion National also reported the security incident to the FBI. All patients will receive two years of credit and fraud protection services.
“We recognize the frustration and concern that this news may cause, and rest assured we are doing everything we can to protect your information moving forward,” Dominion National President Mike Davis, said in a statement. “We are committed to making sure you get the tools and assistance you need to help protect your information.”
The breach has not yet been added to the Department of Health and Human Services breach reporting tool, so its currently unclear how many patients were impacted by the security incident. This story will be updated if more information becomes available.
The healthcare sector continues to be plagued with server-related breaches. A recent Clearwater report found that the majority of breaches in 2018 were in some way caused by a server, with about 63 percent of all critical and high risks caused by an inadequately addressed security flaw in servers.
To better detect unauthorized access, Clearwater researchers recommended organizations use security controls to automatically disable or remove dormant accounts, or frequently review user permissions. Larger organizations, such as insurers, can utilize a log analyzer to automatically aggregate and analyze activity logs.
“A program with this functionality can more likely readily identify potential malicious activity caused by multiple system weaknesses,” the researchers wrote, at the time. “The frequency of such reviews will be dictated by the number of system users and the frequency of user turnover. However, for those systems with 100 or more users, user permission reviews conducted at least quarterly are recommended.”
Source: HealthIT Security