Skip to main content

Tufts Health Plan Reports Breach Affecting 60K

Analysis  |  By Revenue Cycle Advisor  
   December 08, 2020

The breach stems from a security incident at EyeMed, which manages vision benefits for Tufts Health Plan.

A version of this article was first published December 8, 2020, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Tufts Health Plan, a Massachusetts-based health insurance company, reported a breach on November 25 that affected 60,545 individuals, according to the Office for Civil Rights (OCR) breach report.

The breach stems from a security incident at EyeMed, which manages vision benefits for Tufts Health Plan.

On July 1, EyeMed discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email address contained in the mailbox’s address book, according to a security notice posted on its website. EyeMed said it promptly blocked the unauthorized individual’s access, secured the mailbox, and launched an investigation into the incident.

The investigation determined that the exposed protected health information (PHI) and personal information of individuals may have included the following:

  • Address
  • Date of birth
  • Driver’s license or other government identification number
  • Email address
  • Health insurance account/identification number
  • Medicaid or Medicare number
  • Phone number
  • Vision insurance account/identification number
  • Social Security numbers

EyeMed was not aware of any misuse of the information, but it mailed letters to affected individuals and established a dedicated call center to answer any questions individuals may have about the incident.

EyeMed also implemented extra security measures to its network and is providing additional security awareness training.

The letters mailed to individuals include an offer for free credit monitoring and identity protection services for two years, according to EyeMed. The company also encouraged affected individuals to review financial statements, credit reports, and statements received from their health insurers.

Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.


Get the latest on healthcare leadership in your inbox.