If your health insurance provider is Excellus, we’ve got some bad news for you. According to NBC News, health insurance company Excellus BlueCross BlueShield released a statement on Sept. 9 saying it has suffered a data breach which exposed the records of 10 million customers. Although the intrusion was detected a month ago on Aug. 5, an investigation determined that the initial attack occurred almost two years ago on Dec. 23, 2013. This is worrisome news not only for Excellus customers, but also for those subscribed to Lifetime Healthcare Companies insurance plans, as well as anyone with a Blue Cross Blue Shield healthcare plan who has sought treatment in the 31-county upstate New York service area that Excellus covers.

What information is at risk?

Anyone with a healthcare plan from Excellus BlueCross BlueShield or Lifetime Healthcare Companies, including Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare, is at risk. Although it hasn’t been determined yet exactly what information was accessed or whether any of it has been used for nefarious purposes, the hackers had potential access to customer names, birth dates, social security numbers, mailing addresses, phone numbers, member ID numbers, financial account information and claims information. In addition to healthcare customers, anyone who has done business with Excellus and provided their financial account information or social security number is potentially at risk.

How is Excellus responding to this data breach?

Upon discovery, Excellus reported the intrusion to the FBI and has been working with the bureau as well as the Mandiant cybersecurity firm to investigate and get to the bottom of exactly what information was accessed, what, if anything, was done with it and who was behind the hack. A website has been set up — http://www.excellusfacts.com — to provide information to customers, and a toll-free phone line has also been established so concerned customers can call and have their questions answered. The hours for the phone line are Monday through Friday from 8 a.m. to 8 p.m. ET.

As is standard for large-scale data breaches, Excellus is also offering affected customers complimentary credit monitoring and identity theft protection. It has chosen Kroll to provide these services, which include credit monitoring from TransUnion, for a period of two years. Excellus has begun mailing letters to individuals affected, which contain information on how to activate your free credit monitoring. It urges anyone who doesn’t receive a letter but thinks they might be affected by the breach to call the toll-free phone line.

What should I do to protect myself and my family?

Sadly, this is not the first large healthcare data breach that has happened in recent years, and it probably won’t be the last, considering how at-risk the healthcare industry is for data breaches. If you believe you and your family might be among the 10 million people exposed, there are certainly steps you can take to help minimize the risk to your identity. Unlike other data breaches we’ve seen in the healthcare industry, there is a possibility financial accounts were exposed in this one. In addition to following the tips outlined in our post for Anthem breach victims, it’s wise for Excellus victims to monitor their credit card and bank account statements closely in the months to come. Additionally, it’s important to realize that children are included when it comes to healthcare breaches, and child identity theft requires a slightly different approach than identity theft of adults.

Want to learn more about protecting yourself against identity theft? Follow our blog on the subject for up-to-date information.