Share This Article
Arkansas Blue Cross and Blue Shield/BlueAdvantage Administrators of Arkansas and Health Advantage, announced today support for current and former members whose information was accessed through a vendor that was the target of a ransomware attack. Steps are being taken by the vendor to protect approximately 12,328 members whose information may have been affected.
The ransomware attack occurred at North Highland Company, LLC, which conducted customer satisfaction surveys for Arkansas Blue Cross/BlueAdvantage and Health Advantage, including a predictive analytics project to help determine how to improve the quality of programs and services offered to members. North Highland, which no longer provides predictive analytics services to Arkansas Blue Cross/BlueAdvantage or Health Advantage, had members’ personal information in their computer files which may have been exposed in the ransomware attack.
It is important to note that the North Highland ransomware attack did not involve Arkansas Blue Cross/ BlueAdvantage or Health Advantage computer systems or data. The entire incident was limited to North Highland and its computers and records.
North Highland mailed letters this week to affected members notifying them of the ransomware attack and providing detailed instructions on how to sign up for 12 months of free identity detection, resolution of identity theft and credit monitoring services that North Highland will be providing through Experian’s IdentityWorks.
“Keeping members’ personal information secure is a top priority,” said Kathy Ryan, executive vice president and chief operating officer for Arkansas Blue Cross. “We understand the inconvenience and frustration that this incident creates. We hope to alleviate concerns by informing members of the valuable services being made available to help protect their information.
North Highland is continuing its investigation alongside law enforcement personnel and is enacting technical remedial measures to help prevent future incidents. While North Highland has no indication the information stolen during the attack has been used illegally, the company is exercising an abundance of caution to protect members.
Information potentially exposed includes names, dates of birth, member IDs, diagnostic codes, procedural codes, genders and certain provider information. According to North Highland, member Social Security and financial information were not affected by this ransomware attack.
“While this incident did not occur at Arkansas Blue Cross/BlueAdvantage or Health Advantage, we want our affected members to know that we take this data event very seriously,” said Ryan. “We encourage members to be watching for the upcoming letter from North Highland containing more details and contact information should they have any questions regarding the protection services being provided to them by North Highland.”