About 790,000 current and former members of Blue Cross and Blue Shield of Kansas City are being notified that some of their personal information has been breached.
The data security incident occurred at Newkirk Products Inc., an Albany, N.Y.-based company that issues health care identification cards for many health insurance plans around the country.
Blue KC spokeswoman Kelly Cannon said the breach didn’t include Social Security numbers or any medical or financial information. But the affected data did include member names, mailing addresses and the types of health plan information, such a group ID numbers, printed on members’ cards.
So far, Newkirk and Blue KC said they have no evidence that the data has been used inappropriately.
Every affected person who had a Blue KC card issued between Sept. 2, 2012, and July 7, 2016, will get a letter that explains the data breach. The letters also will offer two years of free identity protection services to those individuals.
Cannon said the breach didn’t affect cardholders in the Blue KC Medicare or federal employee programs.
Newkirk said it discovered the security hack on July 6, shut down its server and began investigating. It said it hired a third-party forensic investigator to research the extent of the unauthorized access and notified federal law enforcement.
The investigation is continuing, but at this point, the company said, it appears the breach began on May 21, 2016.
Newkirk’s news release about the compromised information said the company was acquired on July 1 from Kansas City-based DST Systems Inc. by Broadridge Financial Solutions Inc. The release said “there is no evidence at this time” that Broadridge or DST infrastructures were affected.
Newkirk advised affected cardholders to review their plan account statements, medical bills and health insurance explanations of benefits and report any suspicious activity.
A special assistance line has been set up at 1-855-303-9773, along with a dedicated website at newkirkproductsfacts.com.