From their press release:
SAMBA Federal Employee Benefit Association (“SAMBA”) recently learned of an incident that may affect information related to eligible family members of subscribers (“family members”) covered by the SAMBA Federal Employees Health Benefits Plan in 2017.
“We take this incident, and member privacy, very seriously,” Walter E. Wilson, SAMBA’s Executive Director stated. “We are taking steps to prevent any future data incident, and as always will continue to review and improve our processes, policies, and procedures that address data privacy,” he said.
What Happened
The Internal Revenue Service requires SAMBA to send its plan subscribers a notice known as a Form 1095-B that will support the subscribers’ and his or her covered family members’ compliance with the Affordable Care Act’s individual mandate, which remains in effect through 2018. On February 19, 2018, SAMBA began the process of mailing out Form 1095-B notices to plan subscribers for the 2017 tax year. During the mailing preparation process, a programming error occurred whereby some subscribers received a Form 1095-B containing the name and Social Security number for one or more family members of another plan subscriber. All subscribers received a Form 1095-B that was erroneously dated 2016. SAMBA became aware of the issue on or around February 22, 2018. SAMBA corrected the programming error and mailed corrected 2017 Form 1095-B notices to all subscribers. The incorrect 2016 Form 1095-B notices were not submitted to the Internal Revenue Service.
This incident did not disclose any subscriber’s Social Security number.
Information Affected
While SAMBA currently has no evidence that the impacted family members’ information was subject to any actual or attempted misuse, SAMBA confirmed that in some cases Form 1095-Bs containing family members’ names, Social Security numbers, and periods of health insurance coverage during the 2017 tax year were mailed to the incorrect subscriber. SAMBA has written to the subscribers who received erroneous family member data. Those letters ask the subscriber to destroy the erroneous 2016 Form 1095-B.
Notification
SAMBA is mailing letters to impacted family members and is providing those family members with free credit monitoring and identity restoration services through AllClear ID. SAMBA also informed the U.S. Department of Health and Human Services, certain state regulators and news media outlets about this incident, as required.
Fraud Prevention Tips
While SAMBA currently has no evidence that the impacted family members’ information was subject to any actual or attempted misuse, they encourage affected individuals to remain vigilant against incidents of identity theft and fraud, and to seek to protect against possible identity theft or other financial loss by regularly reviewing their financial account statements, credit reports, and explanations of benefits for suspicious activity. Anyone with questions regarding how to best protect themselves from potential harm resulting from this incident, including how to receive a free copy of one’s credit report, and place a fraud alert or security freeze on one’s credit file, is encouraged to call our member support line at 1-855-220-9668 Monday through Saturday, 9:00 a.m. to 9:00 p.m. E.T.
Comments: Is it just me, or do these bold-faced (by me) statements sound contradictory:
During the mailing preparation process, a programming error occurred whereby some subscribers received a Form 1095-B containing the name and Social Security number for one or more family members of another plan subscriber. All subscribers received a Form 1095-B that was erroneously dated 2016. SAMBA became aware of the issue on or around February 22, 2018. SAMBA corrected the programming error and mailed corrected 2017 Form 1095-B notices to all subscribers. The incorrect 2016 Form 1095-B notices were not submitted to the Internal Revenue Service.
This incident did not disclose any subscriber’s Social Security number.
This incident was reported to HHS as affecting 13,942 members.