A data breach has compromised the personal patient information of a regional Medi-Cal Managed Care system.
The data breach impacting Fresno-based CalViva Health members happened Jan. 25 and was announced last week. Health Net Community Solutions, Inc., CalViva’s business associate, discovered the cyberattack.
One of Health Net’s vendors, Accellion, experienced a file transfer platform that was compromised. The transfer allowed a malicious party to view or download data files dated from Jan. 7 to Jan 25. Health Net notified and confirmed to CalViva that the incident impacted some of its members.
Accellion is a third-party Palo Alto-based company that aims to prevent cybersecurity breaches. After cybersecurity forensics company FireEye Mandiant investigated the attack, it concluded that there are no other exploited gaps in Accellion’s system.
Health Net has since ceased using Accellion’s services, and has removed all CalViva Health data from Accellion’s systems.
There has been no indication that members’ information was used maliciously, but out of caution, CalViva Health recommends that potentially affected members take steps to secure their information.
Individuals have been notified and offered resources including one year of free credit monitoring and identity theft protection services.