Phishing Attack on Nebraska Life Insurance Company

by | Aug 1, 2024

United of Omaha Life Insurance Company, based in Nebraska, has reported that a phishing email led to a breach of protected health information (PHI) involving 107,894 individuals. The insurer discovered the breach on April 23, 2024, after identifying anomalous activity in an employee's email account. United of Omaha determined that a third party had gained unauthorized access to the account and cut off that access by changing the employee's Microsoft account passwords and by reporting and blocking the domain connected with the phishing attack.

The forensic investigation confirmed that the email account was accessed after a phishing campaign sent to employees elicited a response from one employee and exposed that employee's credentials. The investigation showed unauthorized access to the email account from April 21 to April 23, 2024. The activity was confined to that account, and the breach did not affect other systems or networks.

The email account was analyzed to determine the types of information that were possibly accessed or stolen. The analysis was completed on June 28, 2024. United of Omaha stated that the unauthorized third party did not email any information from the account; however, unauthorized access to emails and attachments cannot be ruled out.

The emails and attachments included data associated with United of Omaha's group insurance products. Though it was not possible to determine the exact types of data exposed for each person, they likely included complete names, demographic data such as addresses and birth dates, medical insurance policy numbers, employment data, Social Security numbers, driver's license numbers, and limited health data. After completing its investigation, United of Omaha sent data breach notification letters to all individuals whose data was affected.

Although there appears to have been no improper use of the stolen data, the affected individuals were provided one year of free identity theft protection services. United of Omaha has also provided further cybersecurity training to employees, particularly on recognizing and reporting phishing attacks, which is also required in HIPAA certification.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world-class team of subject matter experts in regulatory compliance at ComplianceJunction to help organizations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow him on Twitter.
