Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies.

It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security incident” that took place between June 2018 and October 11. According to a company press release, the breach compromised employee email accounts containing customers’ names, addresses, Social Security numbers, birth dates, bank account numbers and insurance premium payment information.

The Department of Insurance advised local customers of Highmark BCBS, Aetna, Emblem Health, Humana and UnitedHealth to keep an eye out for personal breach notifications in the mail. The agency also recommended that consumers accept any free credit and identity monitoring services that these insurance companies may offer.

“The Department of Insurance takes any breach of personal information very seriously. We will continue to do our part by conducting further investigations to fully understand what happened, how it happened and what data was affected,”
said Insurance Commissioner Trinidad Navarro in his department’s Jan. 28 release. “Our goal is to minimize the negative effects and prevent similar incidents from happening in the future.” 

The release also states that Delaware this year is working to pass legislation “intended to fortify the security measures that protect consumer data and that will require insurance companies and affiliated third-party vendors to notify the Insurance Commissioner of any breach as soon as possible.”

BenefitMall said that to prevent a similar incident in the future, it has implemented additional security measures to protect employee emails and consumer data, including two-factor authentication and access control. It also is providing employees with anti-phishing training.

The number of victims located Delaware is just a small percentage of those impacted. HealthITSecurity reported earlier this month that 111,589 consumers in total were affected by the breach.