The California Attorney General's Office disclosed a data breach affecting L.A. Care Health Plan in March 2019. The incident, spanning from June 1, 2018, to January 30, 2019, stemmed from a system error that caused member ID cards to be mismatched and mailed to incorrect recipients. While the exposed data included names, member numbers, medical group names, and health plan names, it did not involve highly sensitive details like Social Security numbers, financial records, or clinical information. The breach primarily posed a reputational and administrative risk, as incorrect recipients may have temporarily accessed non-critical member data. However, there was no evidence of malicious exploitation, identity theft, or financial fraud linked to the incident. L.A. Care Health Plan likely implemented corrective measures, such as reissuing accurate ID cards and notifying affected members, to mitigate potential confusion or misuse. The breach highlighted vulnerabilities in data handling processes but did not result in severe operational or security consequences for the organization or its members.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-145516
TPRM report: https://www.rankiteo.com/company/lacarehealth
"id": "lac1003091725",
"linkid": "lacarehealth",
"type": "Breach",
"date": "3/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Los Angeles, California, USA',
'name': 'L.A. Care Health Plan',
'type': 'Healthcare Provider / Health Plan'}],
'data_breach': {'data_exfiltration': 'No (data was mismatched and sent to '
'incorrect members, not exfiltrated)',
'personally_identifiable_information': ['Names',
'Member numbers'],
'sensitivity_of_data': 'Moderate (no SSNs or financial data, '
'but health-related identifiers)',
'type_of_data_compromised': ['Names',
'Member numbers',
'Medical group names',
'Health plan names']},
'date_detected': '2019-01-30',
'date_publicly_disclosed': '2019-03-18',
'description': "The California Attorney General's Office reported a data "
'breach involving L.A. Care Health Plan on March 18, 2019. The '
'breach occurred between June 1, 2018, and January 30, 2019, '
'due to a system error that resulted in member ID cards being '
'mismatched and sent to incorrect members. The affected '
'information included names, member numbers, medical group '
'names, and health plan names, but did not include sensitive '
'information such as Social Security numbers.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'misdirected sensitive member '
'information',
'data_compromised': ['Names',
'Member numbers',
'Medical group names',
'Health plan names'],
'identity_theft_risk': 'Low (no SSNs or highly sensitive PII '
'exposed)'},
'investigation_status': 'Reported; no further details on investigation '
'outcomes',
'post_incident_analysis': {'root_causes': 'System error leading to mismatched '
'member ID cards'},
'references': [{'date_accessed': '2019-03-18',
'source': "California Attorney General's Office"}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(unauthorized disclosure '
'of PHI)',
'California data breach '
'notification laws (Civil '
'Code ยง 1798.82)'],
'regulatory_notifications': 'Reported to California '
"Attorney General's "
'Office'},
'response': {'communication_strategy': 'Public disclosure via California '
"Attorney General's Office report "
'(March 18, 2019)'},
'title': 'L.A. Care Health Plan Data Breach Due to System Error',
'type': 'Data Breach (System Error / Misdirected Information)'}