Nintendo of America Inc.

The covered entity (CE), Nintendo of America, Inc., reported that on May 5, 2014, attackers impermissibly accessed and acquired data in possession of its business associate (BA), Premera. This data included the protected health information (PHI) of former and current participants in health plans of certain members of the Blue Cross Blue Shield Association dating back to 2002. The BA is a member of the Blue Cross Blue Shield Association and is the third-party administrator for the health plan. As a result, some former and current plan participants have been impacted. The CE reported that 6,248 individuals were affected and the PHI involved in the breach included demographic, clinical, and financial information. The BA provided breach notification to HHS, affected individuals, and the media. The CE had a BA agreement in place with Premera. OCR determined that Nintendo is in compliance with the Privacy, Security, and Breach Notification Rules.
Location of breached information: Network Server
Business associate present: No