Dominion National Hacked: Patient Data Exposed for 9 Years

Servers at Dominion National have been hacked. The hack apparently went on for 9 years, exposing patient’s personal information.

Health insurer Dominion National might be looking to their insurance policy now. Their servers have been hacked and the hack has gone on for about 9 years now. From Health IT Security:

Virginia-based Dominion National is notifying patients that their personal and medical data was potentially breached during a nearly nine-year hack on its servers. Dominion is an insurer and administrator of dental and vision benefits and also serves as a health plan administrator.

Officials received an internal alert about unauthorized access and launched an investigation. They discovered an unauthorized party accessed some of Dominion National’s computer servers, beginning as early as August 25, 2010 – nearly nine years before the investigation concluded on April 24, 2019.

The notice did not explain what spurred the internal alert, nor when they first discovered the hack. However, the notice was sent about 60 days after the investigation concluded. It’s important to note that under HIPAA, covered entities are required to report breaches within 60 days of discovery.

Upon discovery, officials said they took steps to quickly clean the impacted servers and launched a review. Dominion National determined the hackers were potentially able to access enrollment and demographic data of current and former members of the insurer’s vision plan, and data of individuals of dental and vision benefits. The servers also contained the data of plan producers and health providers.

The compromised data varied by individual, which could include names, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, subscriber numbers, addresses, and email addresses.

June has really become a rather busy month for security incidences. The month started off with a bang with First American suffering from an 885 million file data leak. From there, Marriott’s parent company suffered from an 85.4GB data leak. After that, U.S. Customs and Border Protection suffered from a data breach. After that, Emuparadise suffered from a 1.1 million forum account data breach. Then, AMCA suffered from a 20 million patient data breach.

Towards the end of this month, it’s been a substantial string of incidences. First, Evite got hit with a 10 million user data breach. The next day, Eatstreet suffered from a 6 million user data breach. The day after saw the Desjardins 2.7 million customer data leak.

Today, it appears that security incident streak is continuing to 4 days in a row. The question is whether or not this particular streak end at this point.

Drew Wilson on Twitter: @icecube85 and Facebook.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.