Dive Brief:
- Pharmacy benefit manager Prime Therapeutics and its subsidiary Magellan Rx disclosed a data security incident on Wednesday that may have exposed personal health information from its covered Blue Cross and Blue Shield of Minnesota members.
- The PBM said an “unauthorized actor” gained access to a worker’s mobile email account, which included documents with data like members’ names, addresses, dates of birth, member ID numbers and medications used.
- Prime blacklisted the unauthorized user’s IP addresses and the company is monitoring for future login attempts, the PBM said in a news release. The company added that it has “obtained no evidence” to suggest the exposed information was accessed or misused.
Dive Insight:
The healthcare industry has become increasingly vulnerable to data breaches over the past decade as more companies rely on electronic health records and other digital tools to provide and manage care.
Breaches exposed 385 million patient records from 2010 to 2022, federal records show, and the number of breaches reported each year more than tripled during that time period. Hacking incidents have surged over the past five years, while other types of breaches, like unauthorized access and disclosure, theft and loss, have dipped slightly.
However, the cost of healthcare data breaches has increased significantly since 2020, reaching an average price tag of nearly $11 million in 2023, according to research conducted by the Ponemon Institute and published by IBM Security.
Prime, which said it became aware of the data security incident on July 11, advised beneficiaries to monitor any explanation of benefits statements they receive and contact member services if they see any unfamiliar services. The company said it had no additional comment when asked how many people could be affected.
The PBM, collectively owned by 19 Blue Cross and Blue Shield plans, completed the $1.35 billion purchase of specialty drug-focused Magellan Rx from Centene late last year.
