Radiology and healthcare benefits management firm Magellan Health Services has notified Geisinger Health Plan that some of its members may have been affected by a security incident.
Magellan alerted Geisinger on September 24 that the company found an employee's email account had been sending large volumes of spam email, according to an October 22 report in the Daily Item. A follow-up investigation found several unauthorized mailbox authentications and connections originating from outside the U.S. through the employee's email account since May.
The unknown hackers obtained the employee's email login credentials and may have had access to health plan information of members, such as their name, patient/client ID, type of service, authorization ID, and diagnosis. Magellan believes the hackers were only trying to access the employee's account to send out the spam emails and did not intend to gather member data.
Magellan was hired by Geisinger to manage radiology benefits but no longer provides those services.