DE – DOI Investigating Highmark BlueCross BlueShield Data Breach

February 2017 ~

The Delaware Department of Insurance is investigating a security breach involving subcontractors of Highmark BlueCross BlueShield (BCBS) of Delaware: Summit Reinsurance Services Inc. (SummitRe) and BCS Financial Corp.

In January 2017, the Federal Bureau of Investigation (FBI) informed the Delaware Department of Insurance that the breach was being investigated by its Cyber Security Task Force.

In response, Delaware Insurance Commissioner, Trinidad Navarro, ordered an investigation which revealed that the breach happened on or around March 12, 2016, at SummitRe’s headquarters, as a result of ransomware which had infected a server containing consumers’ personal information, on or around August 8, 2016.

Once informed of the ransomware, SummitRe immediately launched an internal investigation to determine the name and scope of the event and to prevent the encryption of data contained on the server, the letter stated. SummitRe also began working with third-party forensic investigators to assist with these efforts.

Delaware insurance consumers were informed of the security breach in a letter in which President Mark Troutman outlined that SummitRe has access to personal information because it provides underwriting and consulting reinsurance services to certain insurance companies.

The information contained on the affected server may have included consumers’ names, Social Security numbers, health insurance information, providers’ names and claim-focused medical records containing diagnosis and clinical information.

According to a press release issued by the department, the breach affected a total of 16 current and former Highmark self-insured customers and approximately 19,000 consumers covered by Highmark Blue Cross Blue Shield of Delaware under employer-paid plans.

While the forensic investigation is ongoing, there is no direct evidence to date that the data has been used inappropriately, according to Troutman, it was recommended that all consumers check their credit reports to assure the security of their personal data.


Source(s): Delaware Online, February, 2017; HIPAA Journal, February 2017; Insurance Journal, February 2017;