- Published on
Data Breach - I
- Authors
- Name
- Steve Manning
HealthPlan Services, a Florida Blue vendor that provides enrollment and billing services for our members, experienced a data security incident that may have impacted some of these members
We want to provide individuals with information about a data security incident that occurred at HealthPlan Services, Inc. (“HPS”), and let you know that we continue to take significant measures to protect individual personal and Protected Health Information (“PHI”). HPS learned that certain systems within our network had been affected by malware, and as a result, an unauthorized party accessed and/or acquired certain files from HPS’ systems on June 23, 2022.
Upon detecting the incident that same day, HPS commenced an immediate and thorough investigation, contained the network, and alerted law enforcement. As part of our investigation, HPS engaged leading cybersecurity professionals to identify the extent of the activity and what, if any, personal and/or PHI may have been accessed and/or acquired by the unauthorized party.
After an extensive forensic investigation and manual review, on February 28, 2023, HPS initially determined the identity of certain individuals whose personal and/or PHI may have been involved in the incident. On March 21, 2023 HPS identified additional individuals whose personal and/or PHI may have been involved in the incident. The information involved includes one or more of the following identifiers: individual names, dates of birth, medical and/or health insurance information, and certain Social Security numbers, financial account information, and/or identification information. HPS is notifying individuals involved about the incident, along with steps they may take to protect the privacy of their personal and/or PHI. Complimentary credit monitoring services have also been offered to all individuals whose information was involved.
We remind individuals to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity. We also recommend that individuals review the explanation of benefits statements that they receive from their health insurance providers and follow up on any items not recognized. Please see the “Other Important Information” section below with additional information to help further safeguard personal data.
The privacy and security of the information we maintain is of the utmost importance to HPS. We value privacy and deeply regret that this incident has occurred. We take the security of personal information very seriously and have taken many precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of personal information. Since detecting the incident, we have reviewed and revised our information security practices, provided additional training to employees, and implemented additional security measures to mitigate the chance of a similar event in the future.
If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have set up to respond to questions at 1-833-758-9400. This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to help protect against misuse of your information. The response line is available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, excluding holidays.
This notice is being provided on behalf of the following covered entities whose members may have been involved, listed here:
Blue Shield of California TrustMark Insurance Company Blue Cross and Blue Shield of Florida, Inc. DBA Florida Blue Health Care Service Corporation The AVMA Trust CHRISTUS Health Plan United Concordia Dental Insurance Company – OTHER IMPORTANT INFORMATION –
- Placing a Fraud Alert on Your Credit File.
We recommend that you place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
Equifax P.O. Box 105069 Atlanta, GA 30348 www.equifax.com 1-800-525-6285 Experian P.O. Box 2002 Allen, TX 75013 www.experian.com 1-888-397-3742 TransUnion LLC P.O. Box 2000 Chester, PA 19016 www.transunion.com 1-800-680-7289 2. Consider Placing a Security Freeze on Your Credit File. If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies: Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
https://www.freeze.equifax.com
1-800-349-9960 Experian Security Freeze
P.O. Box 9554
Allen, TX 75013 http://experian.com/freeze 1-888-397-3742 TransUnion Security Freeze P.O. Box 160 Woodlyn, PA 19094 http://www.transunion.com/creditfreeze 1-800-916-8800 In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
If you do place a security freeze prior to enrolling in any credit monitoring service, you will need to remove the freeze in order to sign up for the credit monitoring service. After you sign up for the credit monitoring service, you may refreeze your credit file.
- Obtaining a Free Credit Report.
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
- Protecting Your Health Information.
As a general matter the following practices can help to protect you from medical identity theft.
Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care. Review your “explanation of benefits” statement which you receive from your health insurance company. Follow up with your insurance company or the care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential disclosure (June 23, 2022) to current date. Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or care provider for any items you do not recognize. 5. Additional Helpful Resources.
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes. For more information on preventing and reporting identity theft, you may go to www.ftc.gov/credit.
If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.