A Michigan law firm recently told regulators about a hacking incident discovered nearly a year ago that has affected the protected health information of more than 255,000 individuals, including members of a Michigan health plan.
Warner Norcross & Judd LLP on Aug. 24 reported to the U.S. Department of Health and Human Services a hacking/IT incident involving a network server and affecting the PHI of 255,160 individuals.
The law firm also reported the incident to the state of Maine’s attorney general twice – first on July 11 as a hacking incident affecting about 19,000 individuals, including seven Maine residents, and then again in an updated report on Aug. 17, stating that the incident affected more than 214,000 individuals, including 131 Maine residents.
Priority Health in its breach notification statement about the WNJ incident says some of the data compromised – including member drug claim information – was a decade old. A Priority Health spokesperson says the legacy data was being used by WNJ for a project the law firm was working on for the health plan.
While the number of individuals that WNJ has reported to regulators as being affected by the incident has more than doubled in recent weeks, the number of Priority Health members affected is still 120,000, Priority Health says in a statement to Information Security Media Group.
