Oscar Health discloses data breach after mailing error
The company disclosed on Friday that Oscar Health suffered a data breach that it blamed on a printing supplier.
The health insurer discovered on Nov. 23 that mail to some California policyholders may have been sent to the wrong customer. These letters include member names, provider information, dates of service, and types of programs and services. Oscar Health did not name the supplier it said was responsible.
The documents did not include Social Security numbers, driver’s license numbers or any financial information, according to one company. Notice From Oscar Health.
Oscar Health determined that the incident likely occurred between October 28 and November 16, and has “taken steps to resolve the matter with our print supplier,” the company reported.
Oscar Health did not answer questions about what steps it took, the names of suppliers or how much member data it exposed.
“While we do not believe any personal information has been misused, out of an abundance of caution, we are notifying affected members,” the insurance company’s notice said. “All mailings that may have been affected by this incident have been resent accordingly. In addition, we have Send personal notifications to members whose personal information was affected by the incident.”
At the time of this article’s publication, the event had not been posted to Breach Portal Maintained by the Office of Civil Rights of the Department of Health and Human Services. Under the Health Insurance Portability and Accountability Act, health care providers and insurers are required to disclose violations affecting at least 500 people within 60 days of discovering the violation.
Oscar Health was established in 2012, One of the Big Four InsurTechs Listed last year. As of September, the company had nearly 600,000 individual, family, Medicare Advantage and group plan enrollees.Insurance companies also sell its technology platform to other payers and providers.
There were more healthcare data breaches last year than in any previous year, according to a statistic since records began. Review data reported to the HHS portal. As of mid-December, HIPAA-covered entities reported 664 incidents, more than for all of 2020.