Web Notice: Magellan Breach

Info for members

June 26, 2020  

What Happened

National Imaging Associates (NIA), a division of Magellan, performs utilization management services on behalf of Tufts Health Direct members. This occurs when a provider requests coverage for a health care service for a member. We use NIA to review and authorize certain services.

On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client. Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. On May 28, 2020, Magellan’s investigation revealed that this incident may have affected the personal information of a small number of members. At this point, Magellan is not aware of any fraud or misuse of the personal information as a result of this incident.

What information was taken?

The hackers DID NOT have access to:

  • Social Security number or
  • Credit card, banking, or other financial details

The hackers may have access to: 

  • Member name
  • Member ID#
  • Date of Birth 
  • Address
  • Phone Number
  • Details about treatment, such as: 
    • Date of treatment
    • Diagnoses
    • Prescriptions information 
    • Other related details
  • Health Insurance Account Information, such as: 
    • Coverage information 
    • Effective dates of membership  

What Magellan Is Doing

Magellan immediately reported the incident to, and is working closely with, the appropriate law enforcement authorities, including the FBI. Additionally, to help prevent a similar type of incident from occurring in the future, Magellan implemented additional security protocols designed to protect their network, email environment, systems, and personal information.

On June 24, 2020, Magellan mailed letters to Tufts Health Direct members who were affected by the breach. The letters inform members of this breach and provide them with information on protective measures they can take.

What You Can Do

As noted above, Magellan is not aware of any fraud or misuse of any of your personal information as a result of this incident, but they are notifying members out of an abundance of caution. We encourage you to read any statements you get from Tufts Health Direct carefully. If they list any services that you did not ask for or get, make sure you call the Member Services phone number on your Tufts Health Direct ID Card and let us know.

For More Information

The security of your personal information is important to us and we sincerely regret that this incident occurred. For more information, or if you have any questions or need additional information, please contact Magellan at 888-451-6558 or the Member Services number on your Tufts Health Direct ID card.