The personal information of nearly 44,000 TennCare members may have compromised after a state contractor reported a security breach.
According to Magellan Health Services, who the state contracts to manage pharmacy benefits for TennCare, one of its subsidiaries discovered an unauthorized access of an employee's email account who handles member information.
The company said it learned about the incident on July 5, 2019. The email account at Magellan Rx Management had been accessed by an anonymous third party on May 28, 2019. The company believes the employee was targeted by a phishing scam and the account was accessed to send out more spam emails.
The company said it was determined on Sept. 10, 2019 that TennCare data may have been compromised in the incident, and it notified the Division of TennCare a day later.
The email account had TennCare member information such as names, Social Security numbers, member IDs, health plan names, provider names, and drug names.
The company said a third-party expert found no evidence that hackers actually accessed or viewed the information in the employee's email, though.
The Division of TennCare said it worked with Magellan Health to get a full understanding of the incident, as well as determine which members may have been impacted to notify them.
"We have confidence in Magellan and this process," Sarah Tanksley with the TennCare division said.
Magellan Health said it is notifying those who may have been impacted by the breach and offering one year of credit monitoring services and up to a $1 million in insurance reimbursements in the case of ID theft. Those who have questions can contact a toll-free number at 833-959-1351, which is available Monday through Friday, 9 a.m. - 9 p.m. ET or visit this website.
As of May 2019 when the breach happened, the Tennessee Division of TennCare reported that 1.4 million Tennesseans were enrolled in the program. TennCare said the breach specifically impacted 43,847 of those members.