10.5M Impacted in New York Heath Insurer Data Breach

Excellus BlueCross BlueShield

What happened?

On September 9, Rochester-based Excellus BlueCross BlueShield, and their affiliate, Lifetime Healthcare Companies, disclosed they had suffered a massive data breach.

The breach exposed the names, addresses, telephone numbers, Social Security numbers, financial account information and, in some cases, sensitive medical information of 10.5 million members and patients who used their services.

The health insurance providers discovered the data breach on August 5 after detecting unauthorized activity on their IT system. Following their initial investigation, they realized the breach had begun a full 19 months prior in December 2013.

Excellus BlueCross BlueShield is the fourth health insurance provider to be hacked in the past year.

While the Excellus BlueCross BlueShield data breach is centralized in New York, the attack affects consumers nationwide. Any individual who participated in programs from Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera may have had their information exposed.

The health insurer is currently cooperating with an FBI investigation into the cyber attack and has contacted an outside cybersecurity firm for additional assistance.

What should you do?

Due to the sensitive nature of the information that has been exposed, Excellus BlueCross BlueShield members and Lifetime Health Companies participants are now at an increased risk of identity crimes.

Anyone potentially impacted by this breach should be vigilant about minimizing fraud risks, including taking the following actions:

  • Review your credit report
    Exposed Social Security numbers may be used to open new lines of credit in your name. Catch identity theft early by reviewing your credit report for unfamiliar accounts. 
  • Check your medical records
    Medical identity theft is one of the lesser known but more damaging identity crimes. It occurs when someone fraudulently seeks care, drugs or benefits using your identity and medical information.
  • Monitor bank statements regularly
    Stolen financial information may be used to drain your financial accounts. Contact your financial institution immediately if you notice any fraudulent charges.
  • Enroll in complimentary identity protection services
    Excellus is offering impacted consumers two years of complimentary credit monitoring through TransUnion and identity theft protection services through Kroll. You may enroll by visiting active.kroll.com.
  • Watch for spam or phishing attempts via phone or email
    In previous insurance breaches, phishing attacks were the most common threat consumers faced. If you would fall for the Anthem phishing email shown below, you should brush up on your phishing know-how here.

Phishing email that circulated following the Anthem data breach.

For more information, be sure to visit Excellus’ support website or contact their customer hotline at 1-877-589-3331 if you have additional questions related to the incident.

Learn more about data breaches and how to protect your personal information in the Fighting Identity Crimes Education Center.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.