Third-Party Vendor of McLaren Health Plan Subject of Phishing Attack

Date03 Dec 2019

Comment0

CategoriesConsumer Protection, Employment & Technology Archive

McLaren Health Plan Notifies Members of Phishing Attack at One of Its Third-Party Vendors

Beckershospitalreview.com reported (“Michigan insurer alerts members of data breach”) that “. . . McLaren Health Plan began notifying members Nov. 27 of a phishing attack at one of the insurer’s third-party vendors, according to mlive.com.”

According to mlive.com (“McLaren patient information may have been accessed in phishing scam”):

Magellan Health, Inc. announced Wednesday Nov. 27, its subsidiary, Magellan Rx Management, discovered that an anonymous, unauthorized third party accessed the email account of one employee who handled member data for McLaren Health Plan in Flint.”

Magellan Rx was contracted with McLaren Health Plan through December 31 of 2018, according to a Magellan Rx Management news release.

On July 5, Magellan Health, Inc. learned an unauthorized party accessed an employee’s email May 28. The company immediately secured the employee’s email account and conducted a “thorough investigation” of all email accounts and all other Magellan systems.

Beckershospitalreview.com reported that “Patient data that may have been exposed included names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information and authorization information.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.