Posted On February 8, 2023 Consumer Privacy & Data Breaches
February 8, 2023 – Highmark, Inc. filed notice of a data breach with the Maine Attorney General on February 6, 2023 after learning of an incident involving unauthorized access to an employee’s email. According to the filing, the information that was accessed included consumers’ full names, financial account information, protected health information, insurance information, and Social Security numbers. Once Highmark confirmed the data breach, the company sent breach notification letters to all 300,000 individuals affected.
There is an ongoing investigation being conducted by data breach lawyers at Console & Associates, P.C. If you are a recipient of a data breach notification letter from Highmark, your information may be in the hands of an unauthorized party. We are offering free consultations to help victims of the attack learn about the risks of identity theft, what you can do to protect yourself, and if you can receive financial compensation from Highmark.
Highmark, Inc. is a non-profit healthcare company that also has for-profit areas. Originally founded in 1996 in Pittsburgh, Pennsylvania, Hallmark is affiliated with Blue Cross Blue Shield as the fourth largest organization with 6.8 million members across Pennsylvania, New York, West Virginia, and Delaware. The company generates approximately $34 billion in revenue annually and employs over 37,000 people.
According to the filing with the Maine Attorney General, Highmark detected a breach by an unauthorized party on its computer system on December 15, 2022. The company discovered a malicious email on an employee’s email account. As a result, Highmark ensured the security of the company computer network by blocking it and resetting passwords. The company also launched an investigation into the incident.
After the investigation was concluded, Highmark determined that an unauthorized third party had been able to access consumers’ full names, financial account information, protected health information, insurance information, and Social Security numbers between December 13, 2022 and December 15, 2022.
On February 13, 2023, Highmark, Inc. sent breach notification letters to all affected individuals.
If a business is seen as negligent in protecting sensitive data, it could be held accountable monetarily for a data breach. Unfortunately, many become victims of identity theft and other types of fraud due to such incidents. Data breaches can take quite a long time to be fixed.
Businesses that have been infiltrated by hackers are victims of the attack as well and are frequently targeted by hackers using sophisticated methods intended to get around security measures. However, corporations that are well-prepared for cybersecurity can usually prevent most incursions and rapidly eliminate any they cannot.
Companies can be seen as negligent in protecting customer data in several ways, such as utilizing outdated security systems or failing to keep their security systems up to date. Phishing scams are a frequent occurrence, with employees often being the target of these efforts. To combat this, companies should train their staff to recognize and report any potential phishing attempts.
Though the investigation into the Highmark, Inc. data breach is ongoing, it’s best to know your options. If there is evidence of negligence by Highmark, Inc. in keeping your confidential information secure, you may be able to pursue a data breach lawsuit and receive financial compensation for damages as a result of the data breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Highmark, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to all affected individuals:
At Highmark, we take the security and privacy of all information very seriously, and we make every effort to ensure that confidential information is protected and kept secure. Unfortunately, we are notifying you of a non-permitted disclosure of your protected health information (PHI).
What happened? On December 15, 2022, Highmark discovered that a Cyber Security Incident occurred whereby an employee was sent a malicious email link that led to their email account being compromised. The compromise occurred between December 13, 2022, and December 15, 2022. During this Cyber Security Incident, a threat actor may have accessed emails within our employee’s email account. During our investigation and review of the impacted employee mailbox, we determined some of the emails that may have been accessed contained your protected health information.
What information was involved? The data elements that were potentially disclosed includes your name, social security number, and may include enrollment information such as your group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information as well as in some cases, financial information, your address, phone number and email address.
What are we doing? Consistent with corporate policies and procedures, Highmark has taken internal actions to safeguard your protected health information. The mailbox was immediately shut down, network blocking was implemented, passwords were reset, and the enterprise will continue to enhance email security controls. Additional training and education has been provided to employees in regard to the Cyber Security Incident to make them aware and help prevent future Cyber/Phishing attempts in the future.
While, at this time, we have no evidence that your information was misused, our risk assessment on this incident concluded that notice to you is appropriate. To help protect your identity, we are offering complimentary access to Experian IdentityWorksSM for 24 months at no cost to you.
If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent. If, after discussing your situation with an agent, it is determined that identity restoration support is needed then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).
Please note that Identity Restoration is available to you for the 24 months from the date of this letter and does not require any action on your part at this time. The Terms and Conditions for this offer are located at [Redacted].
While identity restoration assistance is immediately available to you, we also encourage you to activate the fraud detection tools available through Experian IdentityWorks as a complimentary 24-month membership. This product provides you with superior identity detection and resolution of identity theft. To start monitoring your personal information, please follow the steps below:
Ensure that you enroll by May 31, 2023 (Your code will not work after this date.)
Visit the Experian IdentityWorks website to enroll: [Redacted]
Provide your activation code: [Redacted]
If you have questions about the product, need assistance with Identity Restoration that arose as a result of this incident or would like an alternative to enrolling in Experian IdentityWorks online, please contact Experian’s customer care team at 800-459-4092 by May 31, 2023. Be prepared to provide engagement number [Redacted] as proof of eligibility for the Identity Restoration services by Experian.