How’s this for a new twist on the healthcare data breach?
The fairly unknown issuer of ID cards for millions of commercial health plan members reported an “unauthorized access to a server containing certain personal information.” The data breach reportedly affected as many as 3.3 million people.
Newkirk Products, an Albany, New York-based company that issues ID cards for several Blue Cross and Blue Shield plans and provides management services to other commercial payers, reported the hack on Friday. The company was acquired on July 1 by Broadridge Financial Solutions, of Lake Success, New York, for $410 million.
Just five days after the sale closed, Newkirk discovered unauthorized access to a server containing personal data, including names, addresses, member ID numbers, members’ designated primary care physicians and other details. Newkirk said that the server did not store Social Security numbers, credit card numbers, medical records or information on specific insurance claims.
The hack apparently started on May 21.
Buried on an inside page of a website Newkirk set up to disseminate information on the breach and subsequent response was a note that the data breach affected about 3.3 million people. The company said it has no evidence that any of the data has been used “inappropriately.”
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
The 3.3 million people include members of Blue Cross and Blue Shield of Kansas City, Blue Cross Blue Shield of North Carolina, HealthNow New York Inc., BlueCross BlueShield of Western New York, BlueShield of Northeastern New York and Capital District Physicians’ Health Plan, Inc. (CDPHP), according to Newkirk.
Also included in the total are members of several plans Newkirk provides management services to. Among these plans are Gateway Health Plan, Highmark Health Options, West Virginia Family Health, Johns Hopkins Employer Health Programs, Priority Partners Managed Care Organization and Uniformed Services Family Health Plan, as well as former parent company DST Health Solutions, an IT consulting firm.
As has become customary in healthcare data breaches, Newkirk is offering two years of identity protection services to all affected individuals.
Photo: Flickr user Nick Carter
