- A New York-based service provider that issues healthcare ID cards for health insurance plans recently announced that it experienced a data breach potentially compromising the information of 3.3 million plan members.
Newkirk Products, Inc. explained in a company statement that there was unauthorized access to one of its servers that contained personal information. The data includes some combination of member names, mailing addresses, type of plan, member and group ID numbers, names of dependents enrolled in the plan, primary care providers, and in some cases, dates of birth, premium invoice information and Medicaid ID numbers.
However, health data security is not at risk as no health plan systems were accessed or affected in any way, Newkirk reported. Social Security numbers, banking or credit card information, medical information or any insurance claims information were also not in the accessed server.
“On July 6, 2016, Newkirk discovered that a server containing member information was accessed without authorization,” the statement reads. “Newkirk shut down the server, started an investigation into the incident and hired a third party forensic investigator to determine the extent of the unauthorized access and whether the personal information of its clients’ members may have been accessed. Newkirk also notified federal law enforcement.”
The unauthorized access first occurred on May 21, 2016, but there has been no indication that the data has been used inappropriately, according to Newkirk.
Newkirk provides healthcare ID cards for the following insurance plans:
Blue Cross and Blue Shield of Kansas City, Blue Cross Blue Shield of North Carolina, HealthNow New York Inc., BlueCross BlueShield of Western New York, BlueShield of Northeastern New York, and Capital District Physicians' Health Plan, Inc. (CDPHP), and, through Newkirk’s relationship as a service provider to DST Health Solutions, Inc., Gateway Health Plan, Highmark Health Options, West Virginia Family Health, Johns Hopkins Employer Health Programs, Inc., Priority Partners Managed Care Organization and Uniformed Services Family Health Plan.
Potentially affected individuals will receive a letter in the mail, and will also be offered two years of free identity protection and restoration services.
Even though Newkirk does not believe the information has been misused, it still recommended that members carefully monitor their account statements, medical bills, and health insurance statements regularly for suspicious activity.
This is the second large data breach reported in the past month. Last week, Banner Health reported that approximately 3.7 million records were potentially affected after a cybersecurity attack.
In that case, however, patients, members and beneficiaries, providers, and food and beverage outlet customers may have had their information exposed. Affected patients may have had names, dates of birth, addresses, physicians’ names, dates of service, clinical information, and possibly health insurance information accessed. If Social Security numbers were provided, then those may also have been exposed.
“Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers,” Banner Health President and CEO Peter Fine said.