Financial Crime World

Data Breach Risk Management in Puerto Rico Exposed Over 400,000 Customers’ Personal Information

A devastating security breach at Triple- S Management, a leading managed care services provider in Puerto Rico, has left over 400,000 customers vulnerable to identity theft and fraud. The breach occurred on September 21st, when one or more employees of the Puerto Rico Medical Card System illegally accessed restricted areas of the organization’s website until September 30th.

Affected Individuals and Compromised Data

According to a disclosure sent by the Puerto Rico Department of Health to the US Department of Health and Human Services, the breach affected individuals enrolled in the health plan for the North and North Metro regions. The compromised data included:

  • Subscriber names
  • Addresses
  • Diagnostic codes
  • Procedure codes
  • Independent practice associations (IPAs)

Cause of the Breach

In a statement filed with its Form 10- Q, Triple- S Management revealed that the security breaches were attributed to unauthorized use of one or more active user IDs and passwords specific to the TCI IPA database. However, the company was unable to determine the purpose of the breaches or extent of any fraudulent use of the compromised information.

Concerns about Data Breach Risk Management in Puerto Rico

The incident has sparked concerns about data breach risk management in Puerto Rico, with many calling for stricter measures to protect sensitive customer information. The lack of transparency and accountability in the company’s response to the breach has raised questions about the effectiveness of current regulations.

Response to the Breach

In response to the breach, Triple- S Management notified law enforcement and relevant agencies. However, the company is currently appealing a $100,000 fine levied by the Puerto Rican government.

Conclusion

The data breach at Triple-S Management highlights the importance of robust data breach risk management practices in Puerto Rico. As the island’s healthcare system continues to evolve, it is crucial that providers prioritize customer privacy and security to prevent such incidents from occurring in the future.