Almost 14,000 Impacted by SAMBA Secrecy Breach

Apr 15, 2018


14,000 people are being alerted regarding a February 2018 breach of PHI at the Special Agents Mutual Benefit Association (SAMBA).

The data breach impacts entitled family members of plan members who were protected by the Federal Workers Health Benefits Plan during 2017.

It is an Internal Revenue Service (IRS) responsibility for SAMBA to send a copy of Form 1095-B to all plan associates every tax year. The form in question helps plan subscribers’ and protected family members’ compliance with the Affordable Care Act’s separate permission.

The forms for the 2017 tax year were delivered on or soon after February 19, 2018; nevertheless, a programming error led to the forms being filled with information pertaining to other subscribers’ family members.

Instead of listing the subscribers’ family members protected by their health plan, the forms recorded the names and Social Security numbers of other subscribers’ family members and the dates of health insurance protection during 2017.  The forms were also dated 2016 in error.

SAMBA specified that no subscribers’ Social Security numbers were accessible. The secrecy breach was restricted to subscribers’ family members. An official inquiry into the mistake indicated that the mailing mistake impacted 13,942 people.

The mistake was first found on February 22, 2018, and a subsequent mailing was issued with the correct tax year and family members’ details on the forms. Notice correspondence has also been conveyed to family members affected by the breach, and subscribers who were in receipt a wrong copy of Form 1095-B have also been instructed and ordered to destroy the 2016 type of the form in question.

There have been no reports to SAMBA to indicate the impermissibly revealed data has been abused in any manner; nevertheless, as a safety measure against identity theft, all those impacted have been told to use extreme caution and get credit reports and check them and their Explanation of Benefits statements carefully for any indication of possible fake activity.