On March 30, 2023, Santa Clara Family Health Plan (“SCFHP”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after learning that confidential consumer information in the company’s possession was subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ protected health information, which may include medical records, Social Security numbers, past and current medications and health insurance information. After confirming that consumer data was leaked, SCFHP began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Santa Clara Family Health Plan, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Santa Clara Family Health Plan data breach, please see our recent piece on the topic here.
What We Know So Far About the Santa Clara Family Health Plan Breach
News of the Santa Clara Family Health Plan data breach is still fresh; however, what we know at this point comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”). However, the information provided on the HHS-OCR data breach investigations page is limited, only noting that the incident involved a “Hacking / IT Incident” of the company’s network server.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Santa Clara Family Health Plan began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your protected health information. Protected health information, or PHI, refers to any information you provide to a healthcare provider during the course of treatment, provided the data contains at least one identifier that enables anyone to connect the data to you. For example, test results on their own would not constitute PHI; however, if there was a name or Social Security number attached to the result, the data would be PHI.
On March 30, 2023, Santa Clara Family Health Plan sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the company’s filing, the SCFHP data breach affected the information of 276,993 individuals.
More Information About Santa Clara Family Health Plan
Founded in 1997, Santa Clara Family Health Plan is a community-based health plan located in San Jose, California. SCFHP serves more than 320,000 people through the company’s various products, including Medi-Cal, Cal MediConnect, and SCFHP DualConnect health care plans. Santa Clara Family Health Plan employs more than 241 people and generates approximately $75 million in annual revenue.