Someone hacked the website of one of Idaho’s largest insurance companies and obtained access to the personal information of about 5,600 customers, including their names, claim payment information, and codes indicating medical procedures they may have undergone.
Blue Cross of Idaho said the information did not include Social Security numbers, driver’s license numbers, banking or credit card numbers or information about medical diagnoses. The company says all affected members were notified and were offered three years of complementary credit monitoring and identity protection services.
The company has about 560,000 health insurance customers.
The breach reported to the FBI happened March 21st, when an unauthorized user accessed the provider section of the Blue Cross of Idaho website, with the intent of fraudulently rerouting a provider financial transaction. Blue Cross stopped the attempted fraud that day and secured the portal, and determined the next day that the hacker accessed provider remittance documents with the private health information of some customers. Those documents included member names, member subscriber numbers, the dates the member received health care services, their health care provider’s names, and medical procedures codes, along with some other information about their medical claims.
The company is asking members to review their health benefits statements and contact Blue Cross if services are listed that they did not receive.
The company hired cybersecurity experts to review the incident and is cooperating with the FBI. (AP)