Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Signature Performance hack affects 106,540 patients

Written by Caitlin Anthoney | June 23, 2024

On June 10, 2024, Signature Performance, Inc. reported a data breach affecting 106,540 UNC Health Southeastern patients. The breach compromised sensitive information, including names, addresses, medical records, and more.

 

What happened

Nebraska-based business associate Signature Performance Inc. detected unauthorized access to confidential consumer data between January 17 and 18, 2024. 

The breach exposed patients' sensitive information, including names, addresses, phone numbers, Social Security numbers, medical records, Medicare/Medicaid IDs, and health insurance details. In response, the company launched an investigation and promptly began notifying affected individuals through data breach notification letters.

 

What was said

According to Signature Performance's notification letters,In response to this incident, Signature notified law enforcement and implemented additional security measures to further minimize the risk of a similar incident occurring in the future.”

Signature then reassures affected patients, stating thatWhile Signature has no reason to believe any of the information described above has been misused, in an abundance of caution, Signature is providing you with access to Single Bureau Credit Monitoring/Credit Report/Credit score services at no charge.”

Furthermore,Signature is providing you with proactive fraud assistance to help with any questions that you might have or in event that you become a victim of fraud,through Cyberscout fraud assistance and remediation services.

 

By the numbers 

  • Signature Performance, Inc. processes over 1.5 million claims per month.
  • The company has recovered more than $1 billion in revenue for its clients.
  • Signature Performance employs over 1,500 people.
  • The company generates approximately $317 million in annual revenue.

 

In the know

According to HIPAA regulations, a business associate is defined as an individual or entity responsible for performing specific functions or providing services on behalf of a covered entity (healthcare provider, health plan, or healthcare clearinghouse). 

Healthcare providers, like UNC Health Southeastern, often depend on business associates to handle tasks involving protected health information (PHI). As a business associate, Signature Performance manages large-scale healthcare data and is obligated to implement technical safeguards to protect PHI from unauthorized access and data breaches.

Go deeper: What does it mean to be a business associate?

 

The bottom line

Business associates must enhance their cybersecurity measures and ensure compliance with HIPAA regulations, mitigating the risk of potential data breaches. Additionally, affected individuals should take proactive steps to monitor their financial accounts and take advantage of the fraud assistance offered. 

Related: HIPAA Compliant Email: The Definitive Guide