SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Humana NOTICE OF DATA BREACH

By Humana Staff

January 7, 2019

Humana is writing to inform you, a valued member, of a recent security incident involving one of Humanaís
business associates, which may have involved some of your personal information. Humana partners with
Bankers Life to offer select health insurance policies in your state.

Humana takes the privacy and security of your personal information seriously and for this reason wants you to
understand what happened and what steps you can take to protect yourself.
What Happened?

On October 25, 2018 Humanaís Privacy Office was notified that Bankers Life discovered a bad actor accessed
system credentials belonging to a limited number of Bankers Life employees between May 30 and September
13, 2018. During this period, the an unauthorized bad actor used employee system credentials to gain access
to certain secure, Bankers Life websites, potentially resulting in unauthorized access to limited, personal
information of individuals who had applied for a Humana health insurance policy through Bankers Life.
Humana requires executed Business Associate Agreements with all organizations and companies that perform
any services involving our memberís protected health information. This Business Associate Agreement
requires Bankers Life and their vendors to be in compliance with federal HIPAA privacy regulations and to
follow guidelines and policies established by Humana in maintaining the privacy and confidentiality of all
protected health information. We also conduct audits of our business associates to validate that processes are
being followed.

What Information Was Involved?

Humana is providing this notice to you out of an abundance of caution because of the possibility that a limited
amount of your personal information, associated with a Humana health insurance application or policy, may
have been accessed.

Your information that could have been accessed includes: name, address, date of birth, last four digits of your
Social Security number, and limited information about your Humana health insurance policy (such as the type
and cost of the coverage, and application or policy number). This incident did not involve any unauthorized
access to other types of information, such as full Social Security number, banking or credit card information or
information about your health or medical care.

What Are We Doing?

When Bankers Life first learned of this activity on August 7, 2018, it began an investigation and notified federal
law enforcement. Bankers Life hired an external forensics investigator to conduct an investigation and took
steps to further restrict and monitor access to its systems and enhance additional security procedures,
including additional training for certain employees.

What You Can Do

Bankers Life is offering one year of free identity repair and credit monitoring services through ID Experts.
More information on how to enroll in these services can be found in the enclosed Reference Guide. We also
encourage you to remain vigilant in monitoring your account statements and insurance transactions for
incidents of fraud and identity theft, and to promptly report such incidents. We encourage you to routinely
review bills, notices, statements and explanation of benefits that you receive from financial institutions,
hospitals, doctors and health insurance companies. The enclosed Reference Guide includes additional
information on steps you can take to monitor and protect your personal information.

We want you to know that at Humana we take seriously our responsibility to ensure the security of your
information. We regret any concern this incident may have caused. You have privacy rights under a Federal
law that protects your health information. It is important for you to know you can exercise these rights, ask
questions about them, and file a complaint if you think Humana has not taken adequate steps to protect your
health information.

Humana respects your right to file a complaint with us or with the Department of Health and Human Services
through the Office of Civil Rights.

Terms of Use | Copyright © 2002 - 2019 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement