Delaware DOI Investigating Data Breach Affecting 19,000 Consumers
The Delaware Department of Insurance is investigating a security breach involving Summit Reinsurance Services Inc. (SummitRe) and BCS Financial Corp., both subcontractors of Highmark BlueCross BlueShield of Delaware.
The department was made aware of the breach as a result of multiple consumer complaints, according to a press release issued by the department.
The release states that the breach affects thousands of Delawareans with employer-paid plans. Karen Kane, director of Privacy and Information Management for Highmark Blue Cross Blue Shield of Delaware, reported the breach impacts a total of 16 current and former Highmark self-insured customers and approximately 19,000 of its members.
SummitRe has access to personal information because it provides underwriting and consulting reinsurance services to certain insurance companies, President Mark Troutman outlined in a letter to consumers.
The breach announcement comes after SummitRe discovered on Aug. 8, 2016, that ransomware had infected a server containing consumers’ personal information, Troutman stated in the letter.
The information contained on the affected server may have included consumers’ names, Social Security numbers, health insurance information, providers’ names and claim-focused medical records containing diagnosis and clinical information.
After discovering the ransomware, SummitRe immediately launched an investigation to determine the name and scope of the event and to prevent the encryption of data contained on the server, the letter stated. SummitRe also began working with third-party forensic investigators to assist with these efforts. While the forensic investigation is ongoing, there is no direct evidence to date that the data has been used inappropriately, the letter said.