A data breach that compromised the personal information of approximately 5,300 Healthfirst members has been traced back to a criminal fraud scheme perpetrated against the insurer in 2013, according to an announcement from Healthfirst.
Healthfirst was initially informed of the breach in May when the justice department told the company that an individual charged with orchestrating a fraud scheme against the company accessed patient information in 2013, when the scheme took place. Healthfirst subsequently launched its own investigation and determined the perpetrator accessed member information between April 2012 and March 2014.
Forensic experts hired by Healthfirst determined that social security numbers and credit card information were not compromised during the breach; however, names, addresses, dates of birth, plan information, physician numbers, patient ID numbers, and Medicare and Medicaid ID numbers were accessed during that time period.
Healthfirst said it will provide affected individuals with one year of identity and credit monitoring along with an identity theft protection specialist.
The Healthfirst hack adds to a string of data breaches within the healthcare industry in the last year, which create multiple avenues to perpetrate healthcare fraud schemes. In February, Anthem announced that hackers had compromised the patient health information of 80 million members. A month later, Premera Blue Cross announced that hackers stole the patient health information of 11 million customers.
- read the Healthfirst announcement
Anthem hack opens multiple inroads to healthcare fraud
Premera says data breach may affect 11 million consumers
Anthem hack compromises info for 80 million customers
Federal health insurance exchange data at risk?