Healthfirst, 100 Church Street, New York, New York 10007, is notifying approximately 5300 affected members and past members that their personal information may have been compromised in the course of a criminal fraud scheme perpetrated against Healthfirst. Social Security numbers and credit card information were not affected.
On May 27, 2015, Healthfirst was informed by the Department of Justice (“DOJ”) that an individual who perpetrated a fraud against Healthfirst may have stolen information about Healthfirst’s patients from Healthfirst’s online portal. Healthfirst had discovered that it was the victim of fraud in 2013, notified the DOJ and cooperated with the DOJ’s investigation, which resulted in the perpetrator being charged with fraud. During its investigation, the DOJ discovered that the perpetrator had gained access to some member information and recently notified Healthfirst of that fact. Healthfirst immediately launched an investigation of its own and hired forensic experts to determine what patient data was accessed. On July 10, 2015, we determined that the perpetrator gained access to certain Healthfirst members’ personal information between April 11, 2012 and March 26, 2014.
Healthfirst determined that the following types of information relating to Healthfirst members appears to have been accessed by the provider: name, address, date of birth, health insurance plan information, description of missing services, physician number, Healthfirst member ID number, patient ID number, claim number, diagnosis code, Medicare and Medicaid ID number.
Beginning July 25, 2015, Healthfirst will mail letters to each of the affected members. Notice is being provided to the U.S. Department of Health and Human Services and other regulators as required, and will be posted on Healthfirst’s website.
Healthfirst sincerely regrets that this incident occurred. Healthfirst takes the privacy and security of its members’ health information very seriously. Healthfirst values the trust its members have placed in it as their health plan and it is Healthfirst’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.
Healthfirst is providing affected individuals with access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. Healthfirst is taking steps to prevent a similar incident from occurring in the future, including reviewing and updating its policies, procedures, and online portal security. Healthfirst has informed affected individuals that they may contact the confidential assistance line if they have any questions or if they would like more information. The confidential inquiry line can be reached between 9am and 9pm ET, Monday through Saturday, at 877-220-1388. Individuals should use reference number 9344071715.
To further protect against possible identity theft or other financial loss, individuals are encouraged to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, an individual can visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of the relevant credit report.
Individuals are encouraged to regularly review any Explanation of Benefits statement received from insurers for suspicious activity. If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report. Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.
At no charge, an individual can also have these credit bureaus place a “fraud alert” on his or her file that alerts creditors to take additional steps to verify his or her identity prior to granting credit in his or her name. Note, however, that because it tells creditors to follow certain procedures, it may also delay an individual’s ability to obtain credit while the agency verifies his or her identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on the individual’s file. Should an individual wish to place a fraud alert, or have any questions regarding a credit report, he or she should contact any one of the agencies listed below. Information regarding security freezes is also available from these agencies.
Individuals can further educate themselves regarding identity theft, security freezes, and the steps to take to protect themselves, by contacting the Federal Trade Commission (FTC). The FTC can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.ftc.gov/bcp/edu/microsites/idtheft/; 1-877-ID-THEFT (877-438-4338); and TTY: 866-653-4261. The FTC encourages those who discover that their information has been misused to file a complaint with them. Information on how to file such a complaint can be found at the FTC website listed above. Individuals should report known or suspected identity theft or fraud to law enforcement, their state Attorney General, and the FTC.
Anyone who would like to ask questions, would like additional information, or did not receive a letter but would like to know if they are affected, is invited to contact Healthfirst’s confidential inquiry line between 9am and 9pm ET, Monday through Saturday, at 877-220-1388. Individuals should use reference number 9344071715.
SOURCE: Healthfirst