Newkirk Products Inc., which provides ID cards and management services for healthcare organizations, including multiple Blue Cross Blue Shield organizations, has announced that it has discovered that its computer system was compromised starting on May 21, 2016, although the intrusion was not discovered until July 6, 2016.
Newkirk has started to notify the 3.3 million individuals affected and is offering two years of identity theft monitoring and resolution services.
The compromised data includes name, address, date of birth, health plan type, member ID number, group ID number, premium invoice information, primary care provider, Medicaid ID number (usually a SSN), and names of dependents enrolled on members’ health plans, although Newkirk states that no Social Security numbers, health insurance details and financial information were not exposed.
According to reports, the compromise included approximately 790,000 Blue Cross Blue Shield of Kansas City members.
This represents the third largest data breach involving health information in 2016.