Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
May 8, 2019
Company: UnitedHealth Group Health Plan Single Affiliated Covered Entity
Location: , Minnesota
Type of breach:
DISC
Type of organization:
MED
Records Breached:
20,536

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
May 18, 2012
Company: UnitedHealth Group health plan single affiliated covered entity
Location: , Minnesota
Type of breach:
DISC
Type of organization:
MED
Records Breached:
19,100

\N

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 1, 2012
Company: UnitedHealth Group health plan single affiliated covered entity
Location: , Minnesota
Type of breach:
UNKN
Type of organization:
MED
Records Breached:
6,678

\N

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
June 4, 2010
Company: UnitedHealth Group health plan single affiliated covered entity
Location: , Minnesota
Type of breach:
UNKN
Type of organization:
MED
Records Breached:
16,291

Paper correspondence to certain members in UnitedHealth's prescription drug plans were in advertently sent to the incorrect temporary address due to a database administration error. Approximately 16,291 individuals were affected by the breach. UnitedHealth member's name, plan number and in some instances, date of birth and/or limited medical information. United Health reported that it stopped using PDI's proprietary database for address updates and made outbound verifications calls to members to get accurate temporary addresses. United Health reported that it revised its address update process.
\

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
April 27, 2010
Company: UnitedHealth Group health plan single affiliated covered entity
Location: , Minnesota
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
735

On March 2, 2010, the covered entity (CE), UnitedHealth Group, discovered that remittance forms containing member information which accompany paper checks were stolen. The invoices contained the protected health information (PHI) of over 735 individuals. The types of PHI included demographic and claims information. The CE provided breach notification to HHS, affected individuals, and the media, and provided affected individuals with credit monitoring services. Following the breach, the CE reviewed its payment and remittance information controls and notified its provider call centers to remain on a high level alert to monitor all remittance payments. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Other, Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV