Security Experts:

Healthfirst: 5,300 Members Exposed in Fraud Incident

Healthfirst, a not-for-profit managed care provider serving more than one million members in downstate New York, said on Friday that roughly 5,300 of its current and members had personal information compromised as a result of a fraud scheme.

According to Healthfirst, the Department of Justice (DOJ) informed them on May 27, 2015, that a malicious individual potentially stole information about Healthfirst's patients through the provider’s online portal.

Healthfirst said that it first discovered that it was the victim of fraud in 2013, and notified the DOJ, which resulted in the perpetrator being charged with fraud.

During its investigation, the DOJ discovered that the fraudster had gained access to some member information and notified Healthfirst, which immediately launched an investigation of its own and hired forensic experts in an effort to determine what patient data was accessed.

On July 10, 2015, Healthfirst determined that the attacker gained access to certain Healthfirst members' personal information between April 11, 2012 and March 26, 2014.

Fortunately, Social Security numbers and credit card information were not exposed, but other information such as name, address, date of birth, health insurance plan information, description of missing services, physician number, Healthfirst member ID number, patient ID number, claim number, diagnosis code, Medicare and Medicaid ID number, were exposed.

Heathfirst did not respond to a request by SecurityWeek seeking additional details. 

Healthfirst has started to mail letters to affected members, who will be offered access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist.

“Healthfirst is taking steps to prevent a similar incident from occurring in the future, including reviewing and updating its policies, procedures, and online portal security,” the organization said in a statement.

Established in 1993, Healthfirst offers low-cost or free government-sponsored health insurance programs.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.