Goldman Scarlato & Penny, P.C. is investigating a possible claim on behalf of persons whose private information was compromised as a result of a data breach announced by health insurance provider Excellus BlueCross BlueShield (“Excellus”) on September 9, 2015.
According to news reports, “Excellus is the largest health insurer in the Rochester, N.Y., region with customers in multiple counties across New York. Other affiliates believed to have been breached include MedAmerica and Univera Healthcare.”
Excellus learned of the attack in August 2015 and in its announcement this week, admitted that its data systems had been hacked as far back as December 2013. It is believed that 10.5 million personal records were stolen, some of which were through Excellus’ parent company, Lifetime Healthcare Companies.
According to the company, thieves gained unauthorized access to personal data of Excellus’ current and former customers. The data they accessed included: names, social security numbers, addresses, email addresses, telephone numbers, financial information, and medical claims.
The Excellus data breach is the latest in a string of data breaches affecting large health insurance companies. For example, in February 2015, Anthem Inc., the second largest health insurer in the country, announced a data breach that exposed the personally identifiable information (commonly referred to as “PII”) of almost 80 million of its customers and employees. Then in March 2015, Premera Blue Cross announced a data breach that exposed the PII of 11 million customers and employees.
Unfortunately, how the stolen data might impact Excellus’ current and former customers will take some time to be revealed. As we saw with the March announcement of the Premera Blue Cross data breach, and the February announcement of the Anthem Inc. data breach, repercussions can be frightening. Coinciding with those two breaches were an alarming number of reports of stolen social security numbers being used to file false tax returns and claim refunds in the names of the persons whose identity was stolen. Potential fraudulent activity could also include health care fraud and obtaining credit cards in someone else’s name.
Following on the footsteps of the recent data breach, Excellus is offering two years of free credit monitoring and identity theft protection to its customers. However, these remedial actions come too late. Once the sensitive personal data of customers has been stolen, it is usually only a matter of time before the repercussions will be seen. In many cases, fraud stemming from the hack will continue long after the two years of credit monitoring has passed.
If you receive a notice from Excellus that your information was stolen or if you believe that you are a victim of the Excellus data breach, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating data breach actions against Community Health Systems, Anthem, Premera, Intuit, United Shore and Target. Please contact Mark Goldman at goldman@lawgsp.com or Paul Scarlato at scarlato@lawgsp.com or call (484) 342-0700 with any questions you may have.