Oversight Leads to Data Breach at Choice Health Insurance | Console and Associates, PC

Recently, Choice Health Insurance reported a data breach after the company discovered an unauthorized party was offering data obtained from Choice Health systems for sale on a popular hacker website. According to Choice Health, the violation resulted in the compromise of the full names, social security numbers, Medicare information, and health insurance information of certain individuals. On June 8, 2022, Choice Health filed an official notice of the breach and sent data breach letters to all interested parties.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Choice Health Insurance data breach, check out our recent article on the subject. here.

Learn more about the cause and impact of choosing the health data breach

According to the official notice filed by the company, Choice Health learned on May 14, 2022 that an unauthorized party was offering to sell data allegedly obtained from the company’s system. In response, Choice Health Insurance initiated an investigation into the incident and, on May 18, 2022, the company learned that “due to a technical security configuration problem caused by a third-party service provider, a single database Choice Health was accessible via the network. ” Based on the company’s investigation, Choice Health files were accessible around May 7, 2022.

After discovering that sensitive consumer data was accessible to an unauthorized party, Choice Health Insurance examined the affected files to determine exactly what information had been compromised and to whom it belonged. Although the information being breached varies from individual to individual, it may include first and last name, social security number; Medicare beneficiary identification number; date of birth; address and contact information; and information on health insurance.

On June 8, 2022, Choice Health Insurance sent data breach letters to all individuals whose information was compromised following the recent data security incident.

Learn more about Choice Health Insurance

Choice Health Insurance is an insurance company based in Myrtle Beach, South Carolina. Choice Health is an independent broker, which means that the company offers insurance products through various providers. Some of the plans offered by Choice Health include those issued by Humana, WellCare Healthplans, Anthem BlueCross BlueShield, Mutual of Omaha, United Healthcare, Cigna, and Aetna. Choice Health also offers plans through healthcare.gov. Choice Health Insurance currently employs more than 130 people and generates approximately $ 33 million in annual sales.

Who is responsible for a data breach?

Choice Health noted in its letter to patients affected by the breach that it resulted from a “technical security configuration issue” at a third-party service provider. Based on this claim, it would appear that the unauthorized access did not involve Choice Health’s computer system, but the system of another company that Choice Health trusted with its customers’ information. Following a data breach, particularly one involving multiple companies, victims wonder who could be held responsible for the information leak.

Under data breach and consumer protection laws, any organization with consumer data has an obligation to safeguard the information it holds. Of course, this includes those organizations that receive consumer information directly from the consumer. However, it also applies to third party companies, vendors, service providers and contractors who receive the data through the company initially responsible for retaining consumer data.

In the case of Choice Health’s data breach, there is no indication that Choice Health was negligent in maintaining its data security systems. However, depending on the outcome of the investigation, Choice Health may have negligently entrusted consumer data to the third-party service provider. For example, this could be the case if Choice Health knew or had reason to believe that the service provider had a history of mishandling of consumer data.

Of course, the anonymous service provider could also potentially be independently liable for the breach. Organizations and their data security systems are the first line of defense against cyber attacks, and companies that choose not to maintain adequate data security systems put consumer information at risk.

The bottom line is that data breach laws provide a mechanism for data breach victims to pursue a claim against the company responsible for the breach. However, determining which company is responsible requires a thorough understanding of complex data breach laws. Those seeking answers in the wake of Choice Health Insurance’s data breach should consult an experienced data breach attorney to learn more about their rights.

Leave a Comment

Your email address will not be published.