Tufts Health Plan Provides Notice of Data Security Incident

July 21, 2023  

Orrick, Herrington & Sutcliffe, LLP (“Orrick”) recently experienced a security event that may affect the privacy of certain Tufts Health Plan members’ protected health information and/or personal information. Orrick served as legal counsel for a 2020 security incident involving the manager of a Tufts Health Plan vision benefits plan.

On March 13, 2023, Orrick identified suspicious activity by a threat actor in its network, including on a file share it used to store certain client files. Unfortunately, the investigation revealed that files containing personal information and/or protected health information were copied and removed from Orrick’s systems on March 7, 2023. On May 24, 2023, EyeMed notified Tufts Health Plan that some of its members’ PHI was affected by the incident. Since then, we have been working with EyeMed to identify impacted individuals.

The investigation revealed that the following member information potentially could have been accessed: full name, physical address, date of birth, phone number, email address, vision insurance account/identification number, health insurance account/identification number, and for a small subset of members, Social Security number. Orrick reports that it is not aware of any misuse of personal or protected health information related to the incident.

Orrick has established a dedicated call center for individuals to contact with questions or concerns and for potentially impacted individuals to enroll in complimentary credit monitoring and identity theft protection services. If you have any questions about this incident, please call the dedicated assistance line at Kroll, which can be reached at 1-866-347-7897 (toll free) Monday through Friday from 9:00am to 6:30pm Eastern time, excluding major U.S. holidays.

We sincerely apologize that this incident occurred and remain committed to safeguarding the privacy and security of information we collect in providing services to our members.