Arkansas Blue Cross & Blue Shield on Tuesday announced a data breach affecting members of its Blue Wellness Rewards program.
The health insurance provider said the information was accessed through one its vendors, Healthmine, which hosts the Rewards online portal. On Aug. 26, Healthmine discovered that someone had accessed the system to illegally redeem digital gift cards.
The information exposed could include members’ names, addresses, email addresses, dates of birth and prescription histories, Arkansas Blue Cross said in a news release. No social security numbers or financial information was involved.
Upon discovery of the unauthorized activity, Healthmine disabled the Rewards accounts and blocked certain internet domains believed to have been used to access the portal.
Additional security measures have been implemented, as well. Arkansas Blue Cross hired a forensic firm to assist with the investigation and is cooperating with a law enforcement investigation.
Members who are affected will receive a letter from Arkansas Blue Cross outlining steps to help protect them from identity theft, including an opportunity to enroll in a complimentary one-year membership to Experian’s identity theft protection service, which includes credit monitoring, identity restoration and up to $1 million in identity theft insurance.
“We are taking the event very seriously,” Max Greenwood, vice president of government and media affairs for Arkansas Blue Cross, said in the release. “We apologize for any inconvenience it has caused our members. At this point, investigators believe the goal of the person(s) responsible was to obtain gift cards, not identity theft. Still, we encourage members to take advantage of the services being offered through Experian.”