An email hack at EyeMed, a company that health plans contract with to provide vision benefits, led to a data breach that affected at least 484,157 Aetna members and more than a thousand BlueCross BlueShield of Tennessee members.
Cincinnati-based EyeMed said that on July 1, it discovered an unauthorized person gained access to an EyeMed email mailbox. The person sent phishing emails to email addresses that were housed in the mailbox's address book. The access was blocked on the same day.
Aetna was informed about the breach in September. The insurer said breached information includes names, addresses, dates of birth and vision insurance account information. In some limited instances, Aetna said full or partial social security numbers, birth or marriage certificates, medical diagnoses, treatment information and financial information may have been exposed.
BCBS of Tennessee was also affected by the breach, but on a smaller scale. The insurer estimates about 1,300 members were affected by the hack, according to the Chattanooga Times Free Press.
EyeMed said there isn't any evidence that the information has been stolen or misused.