BCBS KC ID Card Provider Hacked

Blue Cross and Blue Shield of Kansas City members will be getting a letter offering them free online identity protection after the company’s ID card provider revealed it was the victim of a computer hacker.

Albany, N.Y.-based Newkirk Products on Aug. 5 announced a cyber-security incident involving unauthorized access to a server containing certain personal information. 

Newkirk is a service provider that issues healthcare ID cards for health insurance plans, including Blue Cross and Blue Shield of Kansas City, Blue Cross Blue Shield of North Carolina, HealthNow New York Inc., BlueCross BlueShield of Western New York, BlueShield of Northeastern New York, and Capital District Physicians’ Health Plan Inc. and, through Newkirk’s relationship as a service provider to Kansas City, Mo.-based DST Health Solutions, Gateway Health Plan, Highmark Health Options, West Virginia Family Health, Johns Hopkins Employer Health Programs, Inc., Priority Partners Managed Care Organization and Uniformed Services Family Health Plan.

No health plans’ systems were accessed or affected in any way.

The data potentially subject to unauthorized access varies by plan, but includes some combination of: the member’s name, mailing address, type of plan, member and group ID number, names of dependents enrolled in the plan, primary care provider and, in some cases, date of birth, premium invoice information and Medicaid ID number.  The server did not contain Social Security numbers, banking or credit card information, medical information or any insurance-claims information.

On July 6, Newkirk discovered that a server containing member information was accessed without authorization.  Newkirk shut down the server, started an investigation into the incident and hired a third-party forensic investigator to determine the extent of the unauthorized access and whether the personal information of its clients’ members may have been accessed.  Newkirk also notified federal law enforcement.  While the forensic investigation is ongoing, it appears that the unauthorized access first occurred  on May 21.  Although the information contained on the server may have been accessed, Newkirk has no evidence to date that such data has been used inappropriately.

Broadridge Financial Solutions, Inc. acquired Newkirk on July 1 from KC-based DST Systems Inc. DST Health Solutions Inc. is a subsidiary of DST.  The Broadridge network was not compromised, as the Newkirk network has not been integrated into Broadridge.  Furthermore, there is no evidence at this time that any other Newkirk or DST service or infrastructure has been impacted by this incident.

Letters to those impacted by the incident are being mailed.  These letters include an explanation of the incident, an offer of two years of free identity protection and restoration services and information about additional ways impacted individuals can protect themselves.

To Learn More

Newkirk has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. This assistance line can be reached at 1-855-303-9773 (TTY/TDD: 711) 8am – 8pm CST Monday-Saturday.  Newkirk has also established a dedicated website (www.newkirkproductsfacts.com) where members can access information regarding the incident, including frequently asked questions and answers.