Arkansas Blue Cross and Blue Shield and its affiliate company, Health Advantage, announced today that a previous vendor was the target of a cyber attack. Steps are being taken to protect approximately 1,430 members whose information may have been affected.
The cyber attack occurred at OneTouchPoint, Inc. (OTP) a printing/mailing vendor for Matrix Medical Network (Matrix), which provided member services for Arkansas Blue Cross and Health Advantage. OTP had members’ personal information in their computer files which may have been exposed in the cyberattack.
It is important to note that the OTP cyber attack did not involve Arkansas Blue Cross or Health Advantage computer systems or data. The entire incident was limited to OTP and its computers and records.
“Protecting personal information is a top priority for us, and we take this issue very seriously,” said Kathy Ryan, executive vice president and chief operating officer for Arkansas Blue Cross. “We regret the concern it may cause our affected members, and we’re making a broad range of services available today to help protect their information.”
Letters will be mailed on June 27 to affected members providing them with detailed instructions on how to sign up for 12 months of free identity detection and resolution of identity theft and credit monitoring services.
OTP is continuing its investigation with the assistance of third-party forensic specialists to determine the nature and scope of the activity. While OTP cannot determine definitively if the information was accessed by the unauthorized actor and has no evidence of misuse of any information related to this incident, Arkansas Blue Cross and Health Advantage are exercising an abundance of caution to protect members.
Information potentially exposed to the cyber-attackers includes: names, addresses, dates of birth, provider names and medical information. According to OTP, member Social Security numbers were not affected by this cyber attack.
Neither Matrix nor OTP currently perform any work or services for Arkansas Blue Cross and Health Advantage.
“Although this was an incident that occurred at another company and we played no role in it, we regret that member personal information may have been exposed by it, and we are working to help manage this process in their best interests,” said Ryan. “We recognize this issue can be frustrating and we are taking steps to get to the bottom of the incident and provide members with peace of mind through this process, in part with free credit monitoring and identity theft protection.”