On November 11, 2024, Humboldt IPA reported a phishing incident to HHS affecting protected health information (PHI) via a compromised email account. Initially, they used a placeholder figure of 500 for affected patients and indicated they were a healthcare provider. However, confusion arises as they are a third-party administrator but reported as a provider. The breach involved a successful phishing campaign and the unauthorized access of PHI, which included names, contact details, and health information. No identity fraud has been reported thus far, and guidance for patient protection was provided.
"Humboldt IPA is a third-party that administers health plans and healthcare services on behalf of providers, and they reported a breach involving protected health information."
"On June 28, 2024, Humboldt became aware of a phishing campaign designed to appear as a legitimate communication from one of our partners, leading to unauthorized access to a single email account."
Collection
[
|
...
]