CAMARILLO, Calif., October 5, 2018 – Gold Coast Health Plan (GCHP) values its relationship with its members and as such, places a high priority on its obligation to safeguard their health information. GCHP recently discovered that it suffered a phishing email attack, which resulted in potential disclosure of member health information to an unauthorized third party.
The phishing attack compromised a single employee’s email account, permitting the attacker to gain access to emails sent to the account between June 18, 2018 and August 1, 2018. Upon discovery of the incident on August 8, GCHP immediately stopped the attack and took the following actions: disabled the compromised account, required a password change, and maintained heightened monitoring to prevent any other suspicious activity from occurring. GCHP notified law enforcement of the incident and engaged a leading external cybersecurity firm to assess the potential disclosure of protected health information.
A thorough forensic investigation determined that the compromised email account affected members whose claims information was sent by email. The claims information included members’ health plan identification numbers, dates of medical service, and in some cases, member names, dates of birth, and medical procedure codes.
The social security numbers or financial information of GCHP members were neither accessed nor disclosed. GCHP is not aware of any misuse or attempted misuse of the health information of the affected members.
According to computer forensics experts and law enforcement, these types of attacks are usually financially motivated. Based on our investigation, we believe the perpetrators of the attack were trying to fraudulently transfer GCHP funds to their account.
We deeply regret the incident and the concern it has caused our members. In response, we have taken the following steps to protect against future incidents:
• Activated a series of enhanced security measures to improve information security.
• Continued employee information security awareness education with an expanded focus on phishing campaigns to help them recognize and avoid phishing emails, which are becoming more and more sophisticated.
GCHP is offering identity theft protection services through ID Experts, a data breach and recovery services expert, and providing affected members with MyIDCare. Affected members are advised to check copies of their credit reports and check for any medical bills they do not recognize. Reports can be ordered from the three credit reporting agencies free each year by calling 1-877-322-8228 or going to the Annual Credit Report website at www.annualcreditreport.com.
If any of the Plan’s members want to find out if they were affected by this data breach, they may call the toll-free hotline established for this purpose at 1-888-599-2126 Monday through Friday from 5 a.m. to 5 p.m. Further information for members is also available on GCHP’s website at https://www.goldcoasthealthplan.org.
About Gold Coast Health Plan
Gold Coast Health Plan proudly serves nearly 200,000 Medi-Cal beneficiaries in Ventura County through its network of primary care physicians, specialists, behavioral health providers, hospitals, and pharmacies. Since it was founded in 2011, Gold Coast Health Plan has been committed to providing access to high-quality care and improving the health of its members, which include 1 in 5 county residents, 1 in 8 seniors, and 1 in 2 children up to the age of 5. To learn more, visit: www.goldcoasthealthplan.org.