- At Highmark Blue Cross Blue Shield in Delaware, two subcontractors suffered a breach leaving 16 self-insured customers and 19,000 Highmark members vulnerable to a potential attack.
The incident came to light January 13, 2017 after the Delaware Department of Insurance released the information to the public.
The two subcontractors that fell victim to the breach were Summit Reinsurance Services, Inc., in Indiana and BCS Financial in Illinois.
While Highmark did not specify the explicit nature of the security breach, this incident is only one of several reported security incidents tied back to a breach that Summit Reinsurance Services, Inc., suffered in 2016.
In November 2016, Summit reported a ransomware attack impacting thousands of current and former Black Hawk College employees. The infected server contained PHI, including Social Security numbers and health insurance information.
Earlier that month, Summit was also tied to a potential data breach at Louisiana Health Cooperative, Inc. in Rehabilitation. The breach involved a ransomware infection compromising a server containing sensitive patient information including Social Security numbers.
Trinidad Navarro, the Delaware Insurance Commissioner, issued a statement saying the agency was looking into the breach.
"I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred," Navarro said. "I have directed my staff to closely monitor the situation as it develops. Many Delawareans have received mailed correspondence from Summit Reinsurance explaining the breach. Unfortunately, we fear that many may have misinterpreted or inadvertently discarded the latter as some form of sales ad."
The Delaware Department of Insurance has offered resources potentially affected patients can use to answer any questions regarding the safety of their personal information.
Virginia hospital suffers cybersecurity breach
On November 17, 2016, Sentara Healthcare became aware one of its third party vendors suffered a cybersecurity breach involving personal health information. The data involved information on vascular and thoracic procedures occurring between 2012 and 2015 at a Sentara facility.
Potentially accessed information may have included patients’ names, medical records, and Social Security numbers.
The Virginia hospital has since issued a public statement and called upon law enforcement, as well as the third party vendor, to aid in an investigation into the incident.
In an effort to mitigate any potential damage, Sentara Healthcare began mailing advisory notices to patients who may have been affected by the incident on January 13, 2017.
Sentara suggests concerned patients potentially impacted by the incident stay privy to any signs of possible fraud or identity theft by reviewing account statements and free credit reports for any activity they cannot personally account for. The organization provided resources patients can utilize to prevent future problems with personal security.