A data breach has affected 300,000 Highmark Inc. health plan members.
According to filings the company made with the Maine Attorney General's office, a Highmark employee's email account was breached by a phishing email on Dec. 13. The company discovered the breach Dec. 15 and found the employee's account included protected health information, including Social Security numbers.
Affected members will be notified beginning this week, a spokesperson told Becker's. Highmark has found no evidence the data has been used fraudulently.
"Highmark immediately responded to this incident and launched an investigation. The response teams quickly contained the mailbox, removed the malicious email from all domain users and implemented additional preventative and monitoring controls," the spokesperson said.
Information accessed in the breach included group names, identification numbers, claims and treatment information, as well as personal information including dates of birth, email addresses, phone numbers, driver's license numbers, and passport numbers. In some cases, Social Security numbers and financial information were accessed, the company told Becker's.
"Highmark takes the security of member information seriously and has implemented a robust action plan to bolster employee training on phishing email threats to prevent future incidents of this nature," the spokesperson said.
Highmark Inc., or Highmark Health Plan, operates the Blue Cross Blue Shield affiliates in Delaware, West Virginia and parts of Pennsylvania and New York.