Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Healthfirst: 5,300 Members Exposed in Fraud Incident

Healthfirst, a not-for-profit managed care provider serving more than one million members in downstate New York, said on Friday that roughly 5,300 of its current and members had personal information compromised as a result of a fraud scheme.

Healthfirst, a not-for-profit managed care provider serving more than one million members in downstate New York, said on Friday that roughly 5,300 of its current and members had personal information compromised as a result of a fraud scheme.

According to Healthfirst, the Department of Justice (DOJ) informed them on May 27, 2015, that a malicious individual potentially stole information about Healthfirst’s patients through the provider’s online portal.

Healthfirst said that it first discovered that it was the victim of fraud in 2013, and notified the DOJ, which resulted in the perpetrator being charged with fraud.

During its investigation, the DOJ discovered that the fraudster had gained access to some member information and notified Healthfirst, which immediately launched an investigation of its own and hired forensic experts in an effort to determine what patient data was accessed.

On July 10, 2015, Healthfirst determined that the attacker gained access to certain Healthfirst members’ personal information between April 11, 2012 and March 26, 2014.

Fortunately, Social Security numbers and credit card information were not exposed, but other information such as name, address, date of birth, health insurance plan information, description of missing services, physician number, Healthfirst member ID number, patient ID number, claim number, diagnosis code, Medicare and Medicaid ID number, were exposed.

Heathfirst did not respond to a request by SecurityWeek seeking additional details. 

Healthfirst has started to mail letters to affected members, who will be offered access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist.

Advertisement. Scroll to continue reading.

“Healthfirst is taking steps to prevent a similar incident from occurring in the future, including reviewing and updating its policies, procedures, and online portal security,” the organization said in a statement.

Established in 1993, Healthfirst offers low-cost or free government-sponsored health insurance programs.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.