Blue Cross of Idaho member portal breached and hacker attempts to reroute the payments

Blue Cross of Idaho discovered that its website was hacked, and as a result unauthorized individual accessed its member portal as well as viewed Protected Health Information (PHI) of a few of its members. Breach portal of HHS indicates that 6,045 individuals were affected.

As per officials, the member portal got breached on Mar. 21, 2019. As a result, hacker has accessed the provider remittance documents as well as attempts to fraudulently reroute the financial transactions done by providers during the time when the access of member portal was possible.

On March 22, 2019, the officials determined that the hacker has been able to access the provider remittance data containing PHI. As soon as the breach was discovered, Blue Cross of Idaho has terminated unauthorized access as well as secured its portal so as to prevent the financial fraud along with further accessing of the documents.

The compromised data contains patient names, patient account numbers, enrollee or subscriber numbers, provider names, dates of service, payment data, claims number, and procedure codes. Driver's license numbers, Social Security numbers, banking details, as well as diagnoses have not been breached during this security incident.

The hack has been reported to FBI, who launched an investigation that is still going on. Further, the Blue Cross of Idaho officials said that their internal cybersecurity consultants along with the financial experts are working with the external cybersecurity consultants in order to review security of the impacted patient portal as well as financial transactions which have occurred. All the transactions going through system were monitored, so as to ensure that they are legitimate.

All the affected individuals will get new ID cards having new membership ID numbers in the upcoming weeks. Further, the official said that three years of complementary identity theft restoration and credit monitoring services have been offered to patients by Blue Cross. Normally, breached organizations offer credit monitoring services to impacted patients for one year. In this case, extended time period that is provided by the Blue Cross reflects nature of this hack: attempted fraud.

The officials stated in a statement that "while the provider remittance documents did not include any member's bank account or credit card information, Blue Cross of Idaho still recommends that members remain vigilant to the possibility of fraud and identity theft by reviewing their bank, credit card and other financial statements for any unauthorized activity".

» SPAMfighter News - 5/8/2019