A ransomware attack involving the Summit Reinsurance Services, Inc. (“SummitRe”) and BCS Financial Corporation, both subcontractors of Highmark Blue Cross Blue Shield of Delaware, compromised customer data.

How many victims? About 19,000 plan members was compromised in the breach and 16 current and former Highmark self-insured customers.

What type of information? The breach compromised health plan information, Social Security numbers, the names of the plan member’s doctor, and claims records containing some medical information.

What happened? Officials discovered the breach in August 2016 and said it was the result of a ransomware attack. It is unclear if the ransomware leaked the information and officials say that so far no ransom has been demanded or paid.

What was the response? The Delaware Department of Insurance is investigating the breach and those who were affected were sent letter dated Jan. 4, 2017, alerting them of the incident

Quote: “We have found no direct evidence of actual or attempted misuse of personal information,” Summit Reinsurance said in a letter to patients.

Source: Delaware official website press release, Internet Health Management