Skip to main content

Minnesota-based Health Plan Suffers Breach Impacting More Than 65K Individuals

Analysis  |  By Revenue Cycle Advisor  
   January 19, 2021

On December 30, SCHA contacted potentially impacted individuals for notification and offered complimentary credit monitoring and identity protection services.

A version of this article was first published January 19, 2021, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

South County Health Alliance (SCHA), a health plan based out of Owatonna, Minnesota, reported a security breach on December 31 affecting 66,874 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted on its website, SCHA said on September 14 it discovered that unauthorized access to an employee email account had occurred in late June.

SCHA engaged cybersecurity experts to assist with its investigation, which found that personal and protected health information (PHI) belonging to members may have been accessible in the account.

Based on the investigation, the following information may have been involved:

  • Address
  • Date of death
  • Diagnostic or treatment information
  • Health insurance information
  • Medicare and Medicaid number
  • Name
  • Provider name
  • Treatment cost information
  • Social Security number

On December 30, SCHA contacted potentially impacted individuals for notification and offered complimentary credit monitoring and identity protection services.

The organization also set up a toll-free call center to answer questions about the incident and help impacted members enroll in their complimentary services.

Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.


Get the latest on healthcare leadership in your inbox.