AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey Provides Notice of a Privacy Incident
Cranbury, NJ, September 17, 2018 — AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey (“AmeriHealth”) are providing notice to certain members of a recent incident involving protected health information.
On July 19, 2018, the AmeriHealth Privacy Office was notified that certain member information may have been accessible for unauthorized viewing. We quickly launched an investigation to determine the nature and scope of this incident, working with a leading forensics investigation firm to confirm what happened and what information may have been affected. The investigation determined that an employee uploaded a file containing limited member information to a public-facing website that was publicly accessible between April 23, 2018, and July 20, 2018. After thorough investigation, AmeriHealth is unable to determine if protected health information was accessed, and is unaware of any actual or attempted misuse of this information. In an abundance of caution, AmeriHealth is notifying affected members about this incident and will be offering access to 24 months of free triple-bureau credit monitoring and identity protection services. Less than 1% of AmeriHealth members were impacted by this incident.
The investigation confirmed the information present on the website included the following information related to the affected members: member name, date of birth, diagnosis codes, provider information, and other information used for claim processing purposes. This incident did not involve any social security numbers, financial information or credit information.
Information privacy and security are among AmeriHealth’s highest priorities. AmeriHealth has strict security measures in place to protect information in their care. Upon learning of this incident, AmeriHealth quickly took steps to ensure the file was permanently removed from the website. AmeriHealth reviewed company policies and procedures and implemented additional technical controls to help prevent future incidents of this kind. We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file.
Additional information, including information on how to protect against identity theft and fraud and how to contact AmeriHealth’s dedicated call center with questions about this incident, can be found at AmeriHealth’s website, amerihealthnj.com.
Manager, Public Relations
AmeriHealth New Jersey