Healthcare management provider Humana recently revealed that hackers accessed information of individuals who had applied for a Humana health insurance policy via Bankers Life.
With millions of customers in the United States, the Louisville, Kentucky-based for-profit health insurance company ranked 56 on the Fortune 500 list.
In a breach notification filing with the California Attorney General’s Office (PDF), the company revealed that the hackers were able to compromise Bankers Life, one of its associates, but that the incident impacted a limited number of its own customers.
The company says it learned of the incident on October 25, when Bankers Life said bad actors accessed system credentials belonging to some of its employees. The hackers had access to said credentials between May 30 and September 13, 2018 and leveraged them maliciously.
“During this period, an unauthorized bad actor used employee system credentials to gain access to certain secure, Bankers Life websites, potentially resulting in unauthorized access to limited, personal information of individuals who had applied for a Humana health insurance policy through Bankers Life,” Humana says.
The healthcare management provider says the hackers might have accessed a great deal of information on its customers, including name, address, date of birth, last four digits of their Social Security number, and limited information about their Humana health insurance policy (such as the type and cost of the coverage, and application or policy number).
The company also says that the hackers did not have unauthorized access to other types of information on its customers, such as the full Social Security number, banking or credit card information, or information about health or medical care.
Bankers Life first learned of the incident on August 7, and immediately launched an investigation, including the hiring of external forensics investigators, the company says.
“We want you to know that at Humana we take seriously our responsibility to ensure the security of your information. We regret any concern this incident may have caused. You have privacy rights under a Federal law that protects your health information,” Humana told impacted customers.
Humana has yet to provide details on the number of impacted customers. The company’s website is down at the time of this writing.
Related: Data Breach Hits 2.6 Million Atrium Health Patients
Related: Hackers Breach HealthCare.gov System, Get Data on 75,000
