The Delaware Department of Insuranceis investigating a data breach atHighmark Blue Cross Blue Shield, one of the states biggest health insurers. Thedata breachdiscoveredin August occurred at Summit Reinsurance Services Inc. and BCS Financial Corp., both subcontractors of Highmark Blue Cross Blue Shield of Delaware, says Delaware Insurance Commissioner Trinidad Navarro.The data breach compromised the personal information of about 19,000 plan members, including health plan and Social Security numbers, the name of the plan members doctor and claims records containing some medical information, says the Delaware Department of Insurance.The department of insurance takes this matter seriously and is currently investigating how this occurred, Navarro says. Summit Reinsurance Services and BCS Financial provide Highmark of Delaware Blue Cross Blue Shield with underwriting and reinsurance consulting services. The data breach happened as the result of a ransomware attack, according to state insurance regulators. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. The Delaware Department of Insurance, Highmark or Summit Reinsurance believe so far no ransom has been demanded or paid. We have found no direct evidence of actual or attempted misuse of personal information, Summit Reinsurance said in a Jan. 4 letter to certain plan members.A forensic security audit by an unnamed cybersecurity company for Summit Reinsurance revealed unauthorized access to a server containing personal plan member information occurred in March. Earlier this month Summit Reinsurance sent letters to impacted plan members telling them about the breach. In the letter Summit Reinsurance told plan members who likely did have their personal electronic data compromised they would receive one year of free credit monitoring and identity restoration services.Highmark Blue Cross Blue Shield of Delaware told the Delaware Department of Insurance it was aware of the breach and would cooperate with an investigation but has yet to release any more public statements. In a note to the Delaware Department of Insurance, Highmark Blue Cross and Blue Shield of Delaware director of privacy and information management Karen Kane noted the breach impacted 16 current and former Highmark self-insured employers that provided coverage for the 19,000 plan members affected by the incursion.Highmark operate health insurance plans in Pennsylvania, Delaware and West Virginia that serve 5.2 million members and employ approximately 18,000 people. The company also says it is the fourth largest Blue Cross and Blue Shield plan.

Favorite