Magellan Data Breach

On April 11, 2020, Magellan discovered it was targeted by a ransomware attack

June 17, 2020  

What happened

National Imaging Associates (NIA), a division of Magellan, performs utilization management services on behalf of Tufts Health Plan members. This occurs when a provider requests coverage for a health care service for a member. We use NIA to review and authorize certain services.

On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client. Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that this incident may have affected the personal information of a small number of members.  At this point, Magellan is not aware of any fraud or misuse of the personal information as a result of this incident.

What information was taken?

The hackers DID NOT have access to:

  • Social Security number or
  • Credit card, banking, or other financial details

The hackers may have accessed:

  • Member name
  • Member ID#      
  • Date of Birth     
  • Address            
  • Phone Number   
  • Details about treatment, such as:
    • Date of treatment
    • Diagnoses
    • Prescriptions information
    • Other related details
  • Health Insurance Account Information, such as:
    • Coverage information
    • Effective dates of membership

What Magellan is doing

Magellan immediately reported the incident to, and is working closely with, the appropriate law enforcement authorities, including the FBI. Additionally, to help prevent a similar type of incident from occurring in the future, Magellan implemented additional security protocols designed to protect their network, email environment, systems, and personal information.

Tufts Health Plan members who were affected by the breach will receive letters from Magellan during the week of June 22, 2020.

The letters will inform members of this breach and provide them with information on protective measures they can take.

What you can do

As noted above, Magellan is not aware of any fraud or misuse of any of your personal information as a result of this incident, but they are notifying members out of an abundance of caution. We encourage you to read any statements you get from Tufts Health Plan carefully. If they list any services that you did not ask for or get, make sure you call the Member Services phone number on your Tufts Health Plan ID Card and let us know.

For more information

The security of your personal information is important to us and we sincerely regret that this incident occurred. For more information, or if you have any questions or need additional information, please contact Magellan at 888-451-6558 or the Member Services number on your Tufts Health Plan ID Card.