HealthFlex participants: Excellus shares about unauthorized access incident
On Aug. 5, Excellus BlueCross BlueShield learned that unauthorized users gained access to its systems. Excellus, a member of the Blue Cross and Blue Shield Association that operates in upstate New York, is a claims processor for Upper New York’s HealthFlex plan.
Blue Cross and Blue Shield of Illinois (BCBSIL) made the announcement of the information breech on Sept. 9:
As you know, the privacy of our members is a top priority. Blue Cross and Blue Shield of Illinois has a robust information security program and continually enhances its processes.
Yesterday, BCBSIL learned that unauthorized users gained access to Excellus BlueCross BlueShield’s systems. Excellus is a member of the Blue Cross and Blue Shield Association and operates in upstate New York.
Excellus announced Sept. 9 that it learned on Aug. 5 that some data, including personal data, may have been accessed by unauthorized users. Excellus notified the FBI and is cooperating with the bureau’s investigation.
Excellus reported the data that may have been accessed affected approximately 7 million people, and may have included name, address, telephone number, date of birth, Social Security number, member identification number, financial account information, and medical claims information.
We are working closely with Excellus to determine the extent to which any of our members’ personal data was improperly accessed. Our members may have been impacted – for example, certain BCBSIL members who sought treatment in Excellus’ service area, which includes 31 counties in upstate New York. In these instances, notifications will be sent as appropriate.
Excellus has said it is providing two years of free identity theft protection services. The company has established a dedicated website (www.excellusfacts.com) and a toll-free number for members to call (877-589-3331) to provide answers to frequent questions and to allow affected persons to sign up for the free credit monitoring and identity theft protection services. Individuals who believe they are affected by this cyberattack but who have not received a letter from the company by Nov. 9 are encouraged to call toll-free number above.