Lucent Health Solutions says cyber attack impacted over 37,000 individuals

Healthcare services provider Lucent Health Solutions said that the data security incident it suffered last year compromised the sensitive personal information of more than 35,000 individuals.

 

Headquartered in Nashville, Tennessee, Lucent Health Solutions offers self-funded health plans and cost-containment strategies for corporate workers.

 

In a data security incident notice posted on its website this week, Lucent Health said that on October 2, a California-based employee fell victim to a phishing email that appeared to be from a trusted source.

 

Lucent Health’s IT Team identified suspicious activity on the employee’s email account and promptly eliminated the access. The company also launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

“During our investigation, Lucent Health determined that one email account was subject to unauthorised access for a limited period (approximately ninety (90) minutes), and that the unauthorised individual queried select search terms.

 

“The cybersecurity firm confirmed no information was downloaded or electronically transferred from the email account, and they did not identify evidence that the unauthorised individual actually viewed any information. Lucent Health, however, cannot confirm if certain emails and information were accessed,” reads the notice.

 

While the company said that no confidential sensitive personal data was compromised, it said in a filing with the U.S. Department of Health and Human Services Office for Civil Rights that it identified at least 37,000 individuals who were affected during the incident. The compromise data included names, demographic information, Social Security numbers, health insurance information, treatment information, and medical diagnosis information.

 

The healthcare service provider added it found no evidence of the compromise data being misused, however, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.