New York-based Healthfirst is notifying about 5,300 current and former members that their personal information may have been compromised in a criminal fraud scheme.
How many victims? About 5,300.
What type of personal information? Names, addresses, dates of birth, health insurance plan information, description of missing services, physician numbers, Healthfirst member ID numbers, patient ID numbers, claim numbers, diagnosis codes, and Medicare and Medicaid ID numbers.
What happened? An individual who perpetrated fraud against Healthfirst may have stolen information about current and former members from Healthfirst's online portal.
What was the response? Healthfirst is reviewing and updating its policies, procedures, and online portal security. All affected individuals are being notified, and offered a free year of identity and credit monitoring and restoration services.
Details: Healthfirst discovered in 2013 that it was a victim of fraud and subsequently notified the Department of Justice. The Department of Justice notified Healthfirst on May 27 that the individual who perpetrated fraud may have stolen information about current and former members from Healthfirst's online portal. Healthfirst determined on July 10 that the perpetrator gained access to certain information between April 11, 2012, and March 26, 2014.
Quote: “Notice is being provided to the U.S. Department of Health and Human Services and other regulators as required, and will be posted on Healthfirst's website,” a notification posted to the Healthfirst website said.
Source: healthfirst.org, “Notice of Data Privacy Incident,” July 24, 2015.