Surveillance leads to data breaches in Choice Health Insurance Console and collaborators, computer

Choice Health Insurance recently reported a data breach after the company discovered that an unauthorized person was offering data obtained from Choice Health systems for sale on a popular hacker website. According to Choice Health, the breach led to compromise of full names, social security numbers, Medicare information and health insurance information of certain individuals. On June 8, 2022, Choice Health filed a formal notice of the breach and sent letters of breach to all affected parties.

If you have been notified of a data breach, it is important that you understand what is at risk and what you can do about it. To learn more about how to prevent yourself from becoming a victim of fraud or identity theft and what your legal options are after a data breach with Choice Health Insurance, please see our recent article on the subject here.

More details on the cause and impact of the violation of health data in the choice

According to the official announcement submitted by the company, on May 14, 2022, Choice Health learned that an unauthorized country was offering to sell data that were allegedly obtained from the company’s system. In response, Choice Health Insurance launched an investigation into the incident, and on May 18, 2022, the company learned that “due to a technical security configuration issue caused by a third-party service provider, a Choice Health database was accessible online.” Based on the company’s investigation, the Choice Health files were available on or about May 7, 2022.

After finding that sensitive user data was available to an unauthorized party, Choice Health Insurance reviewed the affected files to determine exactly what information was compromised and to whom it belonged. Although the information violated varies from person to person, it may include your first and last name, social security number; Medicare Beneficiary Identification Number; date of birth; address and contact information; and health insurance information.

On June 8, 2022, Choice Health Insurance sent data breaches to all individuals whose information had been compromised as a result of a recent data security incident.

More information about Choice Health Insurance

Choice Health Insurance is an insurance company based in Myrtle Beach, South Carolina. Choice Health is an independent broker, which means that the company offers insurance products through various suppliers. Some of the plans offered by Choice Health include those released by Humana, WellCare Healthplans, Anthem BlueCross BlueShield, Mutual of Omaha, United Healthcare, Cigna and Aetna. Choice Health also offers plans through healthcare.gov. Choice Health Insurance currently employs more than 130 people and generates approximately $ 33 million in annual sales.

Who is responsible for data breaches?

Choice Health noted in its letter to patients affected by the breach that it stemmed from a “technical security configuration problem” with a third-party service provider. Based on this claim, it appears that the unauthorized access does not include Choice Health’s IT system, but the system of another company to which Choice Health has entrusted information to its customers. After a data breach, especially one involving multiple companies, victims wonder who could be held responsible for leaking their information.

Under data breach and consumer protection laws, every organization that holds user data has an obligation to protect the information it holds. Of course, this includes those organizations that receive information about consumers directly from the consumer. However, it also applies to third party companies, suppliers, service providers and contractors who receive data through the company that was originally responsible for storing user data.

In the event of a breach of Choice Health data, there is no indication that Choice Health has been negligent in maintaining its own data security systems. However, depending on how the investigation turns out, Choice Health may have inadvertently entrusted the user data to a third-party service provider. For example, this may be the case if Choice Health knew or had reason to believe that the service provider had a history of improper handling of user data.

Of course, an unnamed service provider can also potentially be held independently responsible for the breach. Organizations and their data security systems are the first line of defense against cyber attacks, and those companies that choose not to maintain adequate data security systems put users’ information at risk.

The bottom line is that data breach laws provide a mechanism for data breach victims to sue the company responsible for the breach. However, determining which company is responsible requires in-depth knowledge of complex data breach laws. Those looking for answers as a result of data breach with Choice Health Insurance should consult an experienced data breach attorney to learn more about their rights.

Leave a Comment

Your email address will not be published.