The largest data breach of 2016 so far has hit a data server operated by Albany, N.Y. based Newkirk Products. Newkirk Products is a third-party vendor providing health insurance ID cards for the health care industry. According to Newkirk the breach was discovered on July 6th but actually occured on May 21st. Newkirk shut down the affected server and is working with forensic investigators to analyze the extent of the breach.
Data belonging to over 3.3 million people across the U.S including 277,000 Blue Cross and Blue Shield customers in North Carolina have been compromised.
According to Newkirk the server did not contain the most sensitive customer information like Social Security numbers, banking or credit card information, medical information or insurance claims. However information found on Blue Cross’s Medicare ID cards includes customer name, mailing address, type of plan, and member and group ID number maybe compromised. In a press release dated August 5th, Newkirk admitted hackers has gained unauthorized access to a server containing names, mailing addresses, plan types, member and group ID numbers, dependent names, primary care providers, dates of birth, premium invoice information, and Medicaid ID numbers.
Customers affected by the breach will receive letters from Newkirk explaining the attack and offering two years of free identity pretection and restoration service. Blue Cross is instructing customers to check their accounts for suspicious activity. These customers are insured by a dozen organizations, including Blue Cross organizations in Kansas City as well as western and northeastern New York.
Currently there is no evidence that any of the personal information obtained in the attack has been misused. However Newkirk is urging affected customers to monitor their account statements and medical bills for suspicious activity.
For additional information customers are advised to call 855-303-9773 or go to http://newkirkproductsfacts.com.
Bon Secours
Bon Secours Health Systems of Richmond, VA is notifying approximately 655,000 of its patients that their information may have been compromised during an incident with a contractor in April.
R-C Healthcare Management, a company doing work for Bon Secours accidently left files containing patient information accessible via the Internet while attempting to adjust their network settings from April 18th to April 21st. Bon Secours staff members discovered the error on June 14th and they immediately notified R-C Healthcare to secure the files.
Information possibly compromised in the exposure include files that may have included patient name, health insurer’s name, health insurance identification number, social security number and limited clinical information.
A spokesperson for Bon Secours says 435,000 patients were affected in Virginia and an uknown number in South Carolina and Kentucky.
R-C Healthcare CEO said in a statement, “Upon learning of the incident R-C promptly hired a highly regarded outside forensic investigator. The investigator confirmed the incident has been fully remediated. All R-C customers who might be affected have been notified of the situation and its resolution. “
Bon Secours custmers affected by the data exposure have been sent a letter notifying them of the breach. Any patients with concerns or questions may call toll free at 1-888-522-8917, 9 a.m. – 9 p.m. EST, Monday-Friday.
See also: The real reason hackers want your medical records.
