AETNA NOTIFIES MEMBERS OF VENDOR PRIVACY BREACHThis serves as a public notice that Aetna, a CVS Health business (NYSE: CVS), has notified approximately  [Virginia ] residents that Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall, a general agent that also acts as a third-party vendor that Aetna utilizes to provide administrative services related to employee benefits (e.g., enrollment and billing services), had certain employee email accounts compromised. Aetna confirmed that this incident did not involve any Aetna system or application, and did not involve any personal information that Aetna maintained.BenefitMall notified Aetna on December 11, 2018 that Aetna members may have been impacted by the breach. On December 18, 2018, BenefitMall provided Aetna with a list of potentially affected members. Upon receipt, Aetna began to gather the information necessary to mail letters to affected members to explain the situation and provide additional resources. Although Aetna is not aware of any evidence to indicate improper use of member information, Aetna is offering each affected member two years of credit monitoring coverage, at no cost,.BenefitMall notified Aetna that the breach was caused by phishing attacks, which occurred between approximately June 2018 and October 19, 2018, and have since been contained. BenefitMall informed Aetna that the affected correspondence may have included names, addresses, Social Security numbers, dates of birth, zip codes, bank account numbers, plan descriptions, premium payment amounts, and health plan beneficiary numbers.
If members have any questions, they can call Aetna toll-free at the number on the back of their member ID cards. 6285007