Bankers Life hit by data breach exposing PII of Humana health insurance policy applicants

• The exposed personally identifiable information (PII) included names, addresses, dates of birth, last four digits of Social Security numbers, and limited information on Humana health insurance policy.
• This incident did not compromise full Social Security numbers, banking or credit card details or health care information.

Managed health care provider Humana offers health insurance policies to its customers through Bankers Life. Humana notified its customers that their personal information could have been compromised as a result of a data breach that hit Bankers Life.

Hacker(s) used Banker Life employee’s system credentials between May 30, 2018, and September 13, 2018, to gain unauthorized access to its websites, thereby potentially stealing personal information of individuals who had applied for a Humana health insurance policy through Bankers Life.

What information was compromised?

The personal information compromised involved health insurance policy applicants’ names, addresses, dates of birth, last four digits of Social Security numbers, and limited information on Humana health insurance policy.

However, the incident did not compromise full Social Security numbers, payment card details or health care information.

What actions were taken?

• Upon learning about the incident on August 7, 2018, Humana reported the incident to the federal law enforcement.
• The healthcare provider retained an external forensics investigator to investigate the incident.
• The firm has taken steps to restrict and monitor access to its systems.
• It has also taken measures to enhance its security procedures and has decided to provide additional security training for certain employees.
• Furthermore, Humana confirmed that Bankers Life is offering one-year free identity repair and credit monitoring services for potentially affected customers.
• Humana requested its customers to stay vigilant in monitoring their account statements and promptly report in case of any such incidents.

“We want you to know that, at Humana, we take seriously our responsibility to ensure the security of your information. We regret any concern this incident may have caused. You have privacy rights under a Federal law that protects your health information. It is important for you to know you can exercise these rights, ask questions about them, and file a complaint if you think Humana has not taken adequate steps to protect your health information,” the notice read.