Monday, February 06, 2023
PITTSBURGH (February 6, 2023) - Highmark Inc. (Highmark) recently became aware of a data security incident related to a malicious email phishing campaign affecting approximately 300,000 members.
The incident in question was discovered on Dec. 15, 2022, and occurred between Dec. 13, 2022, and Dec. 15, 2022, whereby an employee was sent a malicious phishing email link that led to their email account being compromised and a threat actor obtained access to files that may have contained the protected health information (PHI) of Highmark members.
Highmark immediately responded to this incident and launched an investigation. The response teams quickly contained the mailbox, removed the malicious email from all domain users and implemented additional preventative and monitoring controls. We have engaged our vendor supporting our email environment who assisted with implementing additional preventive controls to enhance our security posture and email security controls. We also engaged a third-party digital forensics firm to determine the full extent of the breach.
Highmark has not discovered any evidence to date that data potentially accessed because of this incident has been used fraudulently.
Highmark members whose information may have been compromised are being notified by mail this week. Information potentially disclosed includes names, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license number, passport number, as well as in some cases social security numbers and financial information.
Highmark takes the security of member information seriously and has implemented a robust action plan to bolster employee training on phishing email threats to prevent future incidents of this nature.
Beginning Friday, Feb. 10, members with questions can contact our dedicated call center at 800-459-4092 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Be prepared to provide engagement number BO84697 when calling.
About Highmark Inc.
One of America's leading health insurance organizations and an independent licensee of the Blue Cross Blue Shield Association, Highmark Inc. (the Health Plan) and its affiliated health plans (collectively, the Health Plans) work passionately to deliver high-quality, accessible, understandable, and affordable experiences, outcomes, and solutions to customers. As the fourth-largest overall Blue Cross Blue Shield-affiliated organization, Highmark Inc. and its Blue-branded affiliates proudly cover the insurance needs of approximately 6.8 million members in Pennsylvania, Delaware, New York and West Virginia. Its diversified businesses serve group customer and individual needs across the United States through dental insurance and other related businesses. For more information, visit www.highmark.com.