Health Plan of San Mateo
| Primary URL | Location | Industry | www[.]hpsm[.]org |
Country
United States of America
|
Healthcare
|
|---|
Profile
Health Plan of San Mateo, also known as HPSM, is a health insurance provider headquartered in the United States, serving the San Mateo region. The organization administers health coverage plans to its members, which involves the collection and management of personal and medical information. As part of its operations, HPSM handles protected health information, making it subject to federal privacy and security regulations governing healthcare data. Its core function is to facilitate access to healthcare services for enrolled individuals, though specific plan details or membership totals are not provided in available materials. The plan's activities are centered on managing member benefits and claims processing within its designated service area.
On January 17, 2023, HPSM experienced a data breach when an unauthorized party gained access to an employee's email account through a phishing attack. This security incident resulted in the exposure of sensitive member information, including names, dates of birth, member identification numbers, and other protected health data. The breach affected 11,894 individuals, as determined by HPSM following an investigation conducted with assistance from a third-party security firm. The organization confirmed the unauthorized access and took steps to contain the incident. HPSM subsequently notified all impacted members and reported the breach to federal regulators, adhering to mandatory breach notification requirements. This event is documented in a public legal news summary, which outlines the cause, scope, and regulatory response associated with the incident. The phishing method exploited a common vulnerability in email systems, highlighting persistent cybersecurity threats in the healthcare sector. No further details regarding the specific nature of the protected health information or the identity of the third-party firm are disclosed in the incident overview. The breach serves as a recorded instance of the organization's cybersecurity challenges and its procedural response to a significant data compromise.