Arnot Health employees potentially affected by Magellan Health ransomware attack

Associated Press

Posted: Aug 12, 2020 / 03:15 PM EDT

Updated: Aug 12, 2020 / 03:15 PM EDT

(WETM) – Approximately 1,150 Arnot Health employees’ and family members’ health insurance accounts may have been compromised in a data security incident involving Magellan Health, according to Arnot.

Arnot says the hospital itself “has not experienced a data security incident, and none of its systems were compromised,” but said that they were a “covered entity” in a recent data breach experienced by Magellan Health.

Arnot Health was a “covered entity” in the data security incident experienced by Magellan Health by virtue of its group health plan’s indirect relationship with Magellan, which contracted with Arnot Health’s former health insurance plan administrator, ELMCO. Specifically, Magellan had provided pharmacy benefit administration services to ELMCO for Arnot’s self-insured employee health plan through December 2017. A total of approximately 1,150 Arnot Health employees’ and family member’ accounts may have been compromised in the Magellan Health data security incident.
Arnot Health

A synopsis of Magellan’s notification to consumers of the data security incident follows:

Magellan Health, Inc. and its subsidiaries and affiliates (“Magellan”) recently discovered a ransomware attack. They are providing notice of this incident, along with background information of the incident and steps that those affected can take. Magellan has a number of Arnot Health employee and family members’ personal information based on the services it provided to ELMCO, the former health insurance plan administrator for Arnot Health.
Immediately after discovering the incident, Magellan retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that the incident may have affected some of its customer’s members’ personal information. Magellan has no evidence that any personal data has been misused.
The personal information included names and one or more of the following: treatment information, health insurance account information, member ID, other health-related information, e-mail addresses, phone numbers, and physical addresses. No financial information was compromised.
Magellan immediately reported the incident to, and is working closely with, law enforcement including the FBI. To help prevent a similar incident from occurring in the future, Magellan has implemented additional security protocols designed to protect our network, email environment, systems, and personal information

Consumers interested in learning more about ways to protect themselves or determine if their health plan or employer was affected can call 888-451-6558 or visit https://www.magellanhealth.com/news/security-incident