PITTSBURGH, Pa. (WHTM) — Highmark Inc. has announced a data security incident that has affected approximately 300,000 members.
According to the company, the incident occurred between Dec. 13-15, 2022 after an employee was sent a malicious phishing email link that led to their email account being compromised.
The email allowed a threat actor to obtain access to files that may have contained the health information of Highmark members.
Information potentially disclosed includes names, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license number, passport number, as well as in some cases social security numbers and financial information.
Because of this, Highmark states they have responded to the incident and launched an investigation. The team contained the mailbox and was able to remove the email from all domain users and started the use of additional preventative and motoring controls.
Highmark has also engaged in third-party digital forensics to determine the full extent of the breach. The company states they have not discovered any evidence to date that data potentially accessed because of this incident has been used fraudulently.
Highmark has said that members whose information might have been compromised are being notified by mail.
Beginning Friday, Feb. 10, members with questions can contact Highmark at 800-459-4092 Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central.