Humana notifies members of business associate breach at Bankers Life

Humana‘s name has been popping up too much in my breach news searches recently. I noted two incidents in December involving Humana (one theft report and one hack involving Family Physicians Group (now Humana). Now I’ve spotted a third incident report, although this one is a breach involving a business associate.

Bankers Life logo

According to a notification letter that appears to be from this week, the Kentucky-based health insurance provider was notified on October 25 by Bankers Life that that a bad actor had accessed system credentials of some Bankers Life employees and used them to access Bankers Life websites where people could apply online for Humana health insurance.

Although not in the notification letter (embedded below), a notice on Bankers Life web site indicates that the breach may have also impacted individuals who have a Medicare Supplement policy issued by Colonial Penn Life Insurance Company.

The unauthorized access occurred between May 30 and September, 13, 2018. Bankers Life had become aware of unusual activity on August 7, 2018, and had initiated an investigation to determine the source. They also notified law enforcement, retained an external forensics investigator to assist them, and began to place additional restrictions on access to their systems with additional monitoring also deployed.

The investigation determined that the compromise of the web sites potentially exposed applicants’ name, address, date of birth, last four digits of Social Security number, and some information about the health insurance policy (such as the type and cost of the coverage, and application or policy number).

To help mitigate any potential harm, Bankers Life is offering those potentially affected one year of identity repair and credit monitoring services through ID Experts.

HUM1-Notification-HU18005C9-Multiple-Bankers-Life_0

About the author: Dissent