Healthfirst, a not-for-profit managed care provider serving more than one million members in downstate New York, said on Friday that roughly 5,300 of its current and members had personal information compromised as a result of a fraud scheme.
According to Healthfirst, the Department of Justice (DOJ) informed them on May 27, 2015, that a malicious individual potentially stole information about Healthfirst’s patients through the provider’s online portal.
Healthfirst said that it first discovered that it was the victim of fraud in 2013, and notified the DOJ, which resulted in the perpetrator being charged with fraud.
During its investigation, the DOJ discovered that the fraudster had gained access to some member information and notified Healthfirst, which immediately launched an investigation of its own and hired forensic experts in an effort to determine what patient data was accessed.
On July 10, 2015, Healthfirst determined that the attacker gained access to certain Healthfirst members’ personal information between April 11, 2012 and March 26, 2014.
Fortunately, Social Security numbers and credit card information were not exposed, but other information such as name, address, date of birth, health insurance plan information, description of missing services, physician number, Healthfirst member ID number, patient ID number, claim number, diagnosis code, Medicare and Medicaid ID number, were exposed.
Heathfirst did not respond to a request by SecurityWeek seeking additional details.
Healthfirst has started to mail letters to affected members, who will be offered access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist.
“Healthfirst is taking steps to prevent a similar incident from occurring in the future, including reviewing and updating its policies, procedures, and online portal security,” the organization said in a statement.
Established in 1993, Healthfirst offers low-cost or free government-sponsored health insurance programs.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Russia-Linked APT29 Uses New Malware in Embassy Attacks
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
