On February 6, 2023, Highmark, Inc. filed a notice of data breach with the Maine Attorney General after learning that an employee’s email account had been compromised following a phishing attack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, financial account information, insurance information and protected health information. After confirming that consumer data was leaked, Highmark began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you are a current or former member of a Highmark insurance plan, the information you provided to the company may now be in the hands of cybercriminals. As we’ve discussed in prior posts, these data breaches put you at a significantly increased risk of identity theft and other frauds. However, as a data breach victim, there are certain steps you can take to reduce the risk of fraud. Additionally, if evidence emerges that Highmark was negligent in how it handled your information, you may be able to obtain financial compensation through a data breach lawsuit.

What We Know So Far About the Highmark Breach

The available information regarding the Highmark breach comes from the company’s filing with the Attorney General of Maine. According to this source, on December 15, 2022, Highmark learned of a cybersecurity incident involving a malicious email that had been sent to an employee’s email address resulting in the employee’s email account being compromised. In response, Highmark shut down the affected email account, blocked its networks, reset its passwords, and conducted an investigation to determine what, if any, patient information was exposed.

The Highmark investigation confirmed that an unauthorized party was able to access the employee’s email account between December 13, 2022 and December 15, 2022. It was also determined that some of the emails and attachments within the email account contained confidential patient information.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Highmark began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, group name, identification number, claim numbers, dates of service, procedures, prescription information, financial information, address, phone number and email address.

On February 13, 2023, Highmark sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Highmark, Inc.

Founded in 1996 and based in Pittsburgh, Pennsylvania, Highmark, Inc. is a not-for-profit health insurer that also operates several for-profit segments. As the fourth-largest Blue Cross Blue Shield-affiliated organization, Highmark Inc. and its affiliates insure approximately 6.8 million members in Pennsylvania, Delaware, New York and West Virginia. Some of the companies in Highmark’s portfolio include Highmark Health, Allegheny Health Network, United Concordia Dental, HM Insurance Group, enGen, and Helion. Highmark employs more than 37,000 people and generates approximately $34 billion in annual revenue.