Health Share Oregon Announces Security Incident and Data Leak

• A contractor of Health Share Oregon has had their computer stolen, and thousands of members have been exposed.
• The information that has been compromised includes names, addresses, phone numbers, and social security IDs.
• Members are advised to impose a security freeze on their accounts and sign up for the identity theft protection service.

Not all data breaches happen via remote hacker attacks or by leaving an unprotected database online for anyone with a browser to access. According to a recent announcement by Health Share Oregon, they can also occur when someone straight out steals a computer and runs away with the valuable data that was stored in it. The non-profit organization which is responsible for serving health plans to the counties of Washington, Clackamas, and Multnomah, has informed the public that someone stole a computer from GridWorks, who is one of their transportation contractors.

IMPORTANT NOTICE: Health Share members’ personal information may have been exposed after a computer was stolen from our vendor, GridWorks. We take this matter seriously.

Free ID protection services are available to affected members.https://t.co/INRkbW0HBU
1-800-491-3163.

— Health Share Oregon (@HealthShareOR) February 5, 2020

Apparently, a computer containing the PII of Health Share Oregon members was in GridWorks’ offices when someone broke in and stole it on November 18, 2019. This computer contained the personal information of members of the Health Share Oregon, including their full names, addresses, dates of birth, Health Share ID numbers, social security numbers, and phone numbers. The organization clarifies that sensitive information such as the personal health histories of the members has not been exposed.

After conducting its internal investigation and figuring out what information has been compromised, Health Share Oregon started sending letters to all the people who have had their information stolen. At the same time, they informed the regulators of the incident and also told their partners to be careful too. In these letters, the organization is offering the exposed members with one year of free identity monitoring services which include credit card monitoring, fraud consultation, and identity theft restoration. While this doesn’t take the damage back, it is at least alleviating the consequences of the particular security incident.

It is very possible that the thief wasn’t going for this information, but was just casually stealing a computer. That said, it is likely that the information contained in the disks will not be used, shared, or sold. In the case of immediate formatting, which is the typical first action of these lifters, the files won’t even be discovered. If you are a member of the Health Share Oregon and need to address any questions or concerns to the organization, call them at the “1-800-491-3163” tool-free line. If you have not received a letter from them already, chances are you are not among the compromised individuals.