Magellan Health is a for-profit healthcare provider based out of Pheonix, Arizona. It is a subsidiary of Centene and focuses on specialty healthcare.
The breach was an attack on a Magellan subsidiary, Magellan Rx Management. In September 2022, Magellan agreed to pay a $1.43 million settlement. The breach impacted multiple companies that used Magellan Rx, including McLaren Health, Florida Blue, Geisinger Health Plan, TennCare, and Presbyterian Health.
The breach occurred through a phishing attack on a Magellan Rx employee. The employee mistakenly offered sensitive information to the hacker, thus giving them access to specific systems within Magellan. Magellan refused to admit any wrongdoing regarding the breach but did end up agreeing to the settlement. The breach was discovered in June 2019, but Magellan did not notify affected individuals until November 2019, which is a HIPAA violation.
This breach occurred in May 2019.
The breach impacts a certain number of Magellan Rx users, which includes the aforementioned companies. The hack was initially thought to affect only 55,637 individuals, but further investigation has shown that the preconceived number, in actuality, was more than quadrupled.
The breach affected over 273,000 individuals. The information accessed in the breach varies depending on the individual but may include social security numbers, names, provider names, and other personal information; certainly the kind you wouldn’t want getting into the wrong hands.