PHOENIX (WSMV) - Magellan Health, Inc. announced Friday its subsidiary, Magellan Rx Management, discovered a security incident involving TennCare.
According to a news release, Magellan Rx Management discovered an anonymous, unauthorized third party accessed the email account of one employee who works with member data for The Division of TennCare.
The incident was discovered on July 5, 2019 after unauthorized access to the employee's email account happened on May 29, 2019. TennCare was notified on Sept. 11 of the incident. The employee's email account was immediately secured and a thorough investigation of all email accounts and other Magellan systems was conducted.
The employee is believed to have been the target of a phishing scam and the email account was likely hacked in order to send out email spam.
Due to the hacking, members' protected health information may have potentially been accessed. The hacked email account included information such as a member's name, social security number, member ID, health plan name, provider name and drug name.
A third-party expert was called in to assist in the investigation that found no evidence the hackers successfully accessed viewed or tried to use the information in the employee's email account. the investigation also found no compromise or unauthorized access into any other company systems housing personal information of members.
Impacted members have been notified of the incident and have been offered credit monitoring services via ID experts. Those who have questions about the safety of their account should call 833-959-1351 Monday-Friday from 9 a.m. - 9 p.m. eastern time or visit the website.
Megellan Health would like to remind its members that safeguarding their information security of their health plans is a top priority and that they take this matter very seriously.
Law enforcement was notified about the situation and the company also implemented advanced security and authentication features in order to further protect the email system. Mandatory training is also being updated to help employees keep their computers and personal information more secure.