DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Healthfirst notifying 5,300 members whose data were stolen between 2012-2014

Posted on July 24, 2015 by Dissent

Healthfirst, 100 Church Street, New York, New York 10007, is notifying approximately 5300 affected members and past members that their personal information may have been compromised in the course of a criminal fraud scheme perpetrated against Healthfirst.  Social Security numbers and credit card information were not affected.

On May 27, 2015, Healthfirst was informed by the Department of Justice (“DOJ”) that an individual who perpetrated a fraud against Healthfirst may have stolen information about Healthfirst’s patients from Healthfirst’s online portal.  Healthfirst had discovered that it was the victim of fraud in 2013, notified the DOJ and cooperated with the DOJ’s investigation, which resulted in the perpetrator being charged with fraud.  During its investigation, the DOJ discovered that the perpetrator had gained access to some member information and recently notified Healthfirst of that fact.  Healthfirst immediately launched an investigation of its own and hired forensic experts to determine what patient data was accessed.  On July 10, 2015, we determined that the perpetrator gained access to certain Healthfirst members’ personal information between April 11, 2012 and March 26, 2014.

Healthfirst determined that the following types of information relating to Healthfirst members appears to have been accessed by the provider: name, address, date of birth, health insurance plan information, description of missing services, physician number, Healthfirst member ID number, patient ID number, claim number, diagnosis code, Medicare and Medicaid ID number.

Beginning July 25, 2015, Healthfirst will mail letters to each of the affected members.  Notice is being provided to the U.S. Department of Health and Human Services and other regulators as required, and will be posted on Healthfirst’s website.

Healthfirst sincerely regrets that this incident occurred.  Healthfirst takes the privacy and security of its members’ health information very seriously.  Healthfirst values the trust its members have placed in it as their health plan and it is Healthfirst’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Healthfirst is providing affected individuals with access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist.  Healthfirst is taking steps to prevent a similar incident from occurring in the future, including reviewing and updating its policies, procedures, and online portal security.  Healthfirst has informed affected individuals that they may contact the confidential assistance line if they have any questions or if they would like more information.  The confidential inquiry line can be reached between 9am and 9pm ET, Monday through Saturday, at 877-220-1388.  Individuals should use reference number 9344071715.

To further protect against possible identity theft or other financial loss, individuals are encouraged to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity.  Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus.  To order a free credit report, an individual can visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  Individuals may also contact the three major credit bureaus directly to request a free copy of the relevant credit report.

Individuals are encouraged to regularly review any Explanation of Benefits statement received from insurers for suspicious activity.  If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies.  Individuals may want to order copies of credit reports and check for any unrecognized medical bills.  If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.  Individuals should keep a copy of notices in case future problems arise.  Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

At no charge, an individual can also have these credit bureaus place a “fraud alert” on his or her file that alerts creditors to take additional steps to verify his or her identity prior to granting credit in his or her name.  Note, however, that because it tells creditors to follow certain procedures, it may also delay an individual’s ability to obtain credit while the agency verifies his or her identity.  As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on the individual’s file.  Should an individual wish to place a fraud alert, or have any questions regarding a credit report, he or she should contact any one of the agencies listed below.  Information regarding security freezes is also available from these agencies.

Individuals can further educate themselves regarding identity theft, security freezes, and the steps to take to protect themselves, by contacting the Federal Trade Commission (FTC).  The FTC can be reached at:  600 Pennsylvania Avenue NW, Washington, DC 20580; www.ftc.gov/bcp/edu/microsites/idtheft/; 1-877-ID-THEFT (877-438-4338); and TTY: 866-653-4261. The FTC encourages those who discover that their information has been misused to file a complaint with them.  Information on how to file such a complaint can be found at the FTC website listed above.  Individuals should report known or suspected identity theft or fraud to law enforcement, their state Attorney General, and the FTC.

Anyone who would like to ask questions, would like additional information, or did not receive a letter but would like to know if they are affected, is invited to contact Healthfirst’s confidential inquiry line between 9am and 9pm ET, Monday through Saturday, at 877-220-1388.  Individuals should use reference number 9344071715.

SOURCE: Healthfirst 

Related posts:

  • TX: Statement and Frequently Asked Questions about the 2018 ERS OnLine Security Incident
  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • UK shipping provider Clarkson discloses 2017 hack and ransom demand
Category: HackHealth DataU.S.

Post navigation

← Georgia Division Of Aging Services Notifies 3,000 Clients Of Data Breach
NIST releases draft guidelines for protecting patient data on mobile devices; comments sought →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.