AG: Michigan consumers' personal info exposed in health-care data breach
A data breach at a national health company is believed to have exposed the personal and medical information of Michigan consumers, state officials announced Thursday.
It is unclear how many patients were affected by a breach at the Puerto Rico-based Inmediata Health Group, which provides billing and administrative services to health care providers and health plans, Michigan Attorney General Dana Nessel's office said in a statement.
Nessel’s Corporate Oversight Division is seeking details, according to the release.
Her office learned about the breach, which exposed information such as addresses and Social Security numbers, when two consumers called its Consumer Protection Division after receiving multiple letters last month, including some addressed to other people.
“We have an opportunity to improve Michigan law by adding the Attorney General’s Office as a required state department to be notified by companies impacted by data breaches,” Nessel said. “Data breaches can be devastating to the affected individuals. It’s important this office provide affected customers with any and all available resources to help limit the effects of this — or any — breach. And today, we’re doing just that.”
The company said it became aware in January of "a data security incident that may have involved the limited personal and medical information of some of its customers’ patients." It said electronic health information was viewable online "due to a webpage setting that permitted search engines to index internal webpages that are used for business operations."
The company said it immediately deactivated the website and sought an independent "digital forensics" firm to help investigate. There is no evidence that files were copied or saved, the company said.
"... To date, we have not discovered any evidence to suggest that any information potentially involved in this incident has been subject to actual or attempted misuse," it said.
Inmediata mailed letters to patients potentially affected to notify them and to provide resources to help them, the company said.
People who have been notified that their information may have been exposed in the breach should closely monitor their financial accounts, said Anita G. Fox, director of the Department of Insurance and Financial Services. “If suspicious activity is detected, it should be immediately reported to the individual’s financial institution.”
Those affected can also seek a free credit report at annualcreditreport.com or by calling 877-322-8228 and put a fraud alert on their credit file.
For information, the company is offering a toll free information hotline at (833) 389-2392.