Outcomes One Data Breach Exposes Sensitive Information of 150,000 Individuals

Healthcare service provider Outcomes One disclosed that a data security incident earlier this year compromised the sensitive personal information of over 150,000 individuals.

 

Outcomes One is a healthcare technology platform that links pharmacies, payers, and pharmaceutical companies to enhance patient care and streamline operations. Its solutions include medication therapy management, patient engagement tools, and infrastructure for delivering expanded clinical services.

 

In a data security incident notice published on its website, Outcomes said that on July 1, it was a victim of an email phishing incident involving one of its employees. The healthcare service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The affected employee noticed suspicious activity in his Outcomes email account and reported it to the Outcomes security team, which promptly took action to secure the account and engaged third-party specialists to help investigate the matter. No other email accounts were affected by this incident.

 

“During approximately one hour of unauthorised access to the account, various files and emails were accessed,” Outcomes said.

 

The compromised data included names, dates of birth, gender, phone numbers, health insurance information, including health plan names, service dates, health care IDs, diagnosis, and other medication information. The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, where Outcomes said it has identified at least 150,544 individuals impacted by the incident.

 

The company has confirmed that the Social Security numbers of affected individuals were not accessed by the threat actors.

 

“To help prevent a similar incident, we have implemented and will continue to evaluate enhanced safeguards and security measures to further protect our email system, and we have implemented enhanced employee training regarding phishing emails,” Outcomes added.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.