Oscar Well being skilled an information breach it is blaming on a printing vendor, the corporate disclosed Friday.
The medical health insurance firm found on Nov. 23 that mail meant for some California policyholders might have been despatched to the improper clients. The letters embrace member names, supplier data, dates of service, and sorts of procedures and providers. Oscar Well being did not identify the seller it says is accountable.
The paperwork does not embrace Social Safety numbers, driver’s license numbers or any monetary data, in line with a discover from Oscar Well being.
Oscar Well being decided the incident possible occurred between Oct. 28 and Nov. 16 and has “taken steps to handle the matter with our print vendor,” the corporate reported.
Oscar Well being didn’t reply to questions on what steps it has taken, the identify of the seller or what number of members’ knowledge have been uncovered.
“Whereas we don’t imagine there was a misuse of any private data, we’re notifying our affected members out of an abundance of warning,” the insurer’s discover says. “All mailings that will have been impacted by this incident have been re-sent accordingly. Moreover, we now have despatched particular person notices to these members whose private data was impacted by the occasion.”
On the time this text revealed, the incident had not been posted to the breach portal maintained by the Well being and Human Companies Division’s Workplace for Civil Rights. Beneath the Well being Insurance coverage Portability and Accountability Act, healthcare suppliers and insurers are required to reveal breaches affecting a minimum of 500 individuals inside 60 days of discovering them.
Oscar Well being, based in 2012, was considered one of 4 insurtechs to go public final yr. The corporate had practically 600,000 particular person, household, Medicare Benefit and small-group plans policyholders as of September. The insurer additionally sells its know-how platform to different payers and suppliers.
Extra healthcare knowledge breaches occurred final yr than any prior yr on report, in line with a overview of knowledge reported to the HHS portal. By way of mid-December, HIPAA-covered entities reported 664 incidents, greater than in all of 2020.