Gold Coast Health Plan (GCHP) has reported that a cyberattack on one of its contracted vendors, Conduent Business Solutions, has potentially compromised the personal information of 540 members. The incident, which involved unauthorized access to a specific employee’s email account, is believed to have occurred between October 21, 2024, and January 13, 2025. Following the discovery of the breach, Conduent promptly took steps to secure its systems and launched an investigation, notifying law enforcement and engaging a cybersecurity firm to evaluate the extent of the data exposure.
The forensic investigation revealed that the compromised information includes member names, health plan identification numbers, dates of medical services, costs of services, and claim numbers. Importantly, social security numbers and financial details were not accessed or disclosed during the attack. To date, GCHP has not observed any misuse or attempted misuse of the affected data.
“We deeply regret that the private information of some of our members was possibly exposed during this cyberattack,” stated Robert Franco, GCHP’s chief compliance officer. He assured that GCHP is collaborating with Conduent to implement measures that will prevent future incidents.
To inform those affected, GCHP has mailed letters outlining the situation and encouraging members to review their credit reports for any unfamiliar medical bills. Members can obtain free annual credit reports through the three major reporting agencies by calling 1-877-322-8228 or visiting the Annual Credit Report website.
As a vital service provider, GCHP supports approximately 240,000 Medi-Cal members across Ventura County, emphasizing its commitment to delivering high-quality healthcare and improving community health since its establishment in 2011. For further information, members may contact the GCHP Member Services Team at 1-888-301-1228 during business hours.
Despite the challenge posed by this cyber incident, GCHP’s proactive response and member dedication reflect a commitment to safeguarding health information and restoring trust. The incident serves as a reminder of the importance of cybersecurity measures in the healthcare sector and the ongoing vigilance required to protect personal data.