PITTSBURGH (TNS) — Health insurer Highmark said Friday an employee fell victim to a malicious email request, resulting in the disclosure of private information of about 300,000 Highmark customers.
Highmark said the personal information included or may have included names, medical claims- and treatment-related information, driver’s license numbers, financial information and social security numbers.
Highmark said in a news release it “has not discovered any evidence to date that data potentially accessed because of this incident has been used fraudulently.”
The Pittsburgh-based health insurer with several thousand employees in Cumberland County said the employee had received “a malicious phishing email link that led to their email account being compromised.”
Highmark said it learned of the breach on Dec. 15 and the incident had occurred within the previous two days.
Highmark said it immediately began investigating and took actions including new controls and preventions and hiring an outside firm to determine the full impact of the breach.
Highmark said it began notifying affected customAsked why notification is coming nearly two months after Highmark learned of the breach, a spokesman said the investigation took more than a month and then Highmark had to “process the results” to figure out which customers needed to be notified.
He said Highmark’s notification of members is within timeframes required by federal law.
“Highmark takes the security of member information seriously and has implemented a robust action plan to bolster employee training on phishing email threats to prevent future incidents of this nature,” Highmark said in a news release.
Highmark said members with questions can call (800) 459-4092.
