Menu
Browse

Performance Health Technology

Aliases: 2 aliases
Primary URL Location Industry
phtech[.]com
Country United States of America
Technology Icon
Technology
Profile

Performance Health Technology, also known by the alias PH TECH, is a health technology organization headquartered in the United States of America. The organization maintains electronic files that contain personal and protected health information for a large base of individuals. These files include specific data elements such as full names, dates of birth, Social Security numbers, member identifiers, and detailed health claims information. By handling this combination of identifiers and health‑related data, PH TECH functions within the regulated health information management sector. The organization's technology services are centered on the storage, processing, and safeguarding of health claims and member data. As a custodian of protected health information, PH TECH is subject to federal privacy standards that govern the handling of such data in the United States. Its operational focus places it among vendors that support health plans and related entities in managing member health records.

On May 30, 2023, PH TECH experienced a cybersecurity incident in which an external actor breached its third‑party file transfer software, Progress MOVEit. The breach occurred when the attacker exploited a vulnerability present in the MOVEit application to gain unauthorized access to stored files. The compromised files contained the personal and protected health information of approximately 1.7 million individuals. Specifically, the exposed data included names, dates of birth, Social Security numbers, member IDs, and health claims details for each affected person. In response to the incident, PH TECH issued a breach notification through its website and informed the impacted individuals of the exposure. The organization offered affected persons complimentary credit monitoring and identity theft protection services to help mitigate potential harm. Public notices filed with the state of Maine and news reports indicated that Oregon Health Plan members were among those urged to monitor their credit following the breach. The incident highlights the risks associated with reliance on third‑party file transfer solutions and the importance of timely vulnerability management.

Incidents
Linked incidents available to members
1 incident