Healthfirst Reports Data Security Event Impacting 6,836 Members

Mar 14, 2024

Healthfirst has notified Federal and State regulators that it discovered unauthorized access of its member portal impacting 6,836 of its close to 2 million members. Healthfirst reported that member names, dates of birth, Healthfirst member ID numbers, and member zip codes were used to create unauthorized digital accounts. Healthfirst disabled access to the unauthorized accounts as an immediate containment measure and has updated its internal protocols for digital member account validation.

The company is conducting an ongoing investigation to identify the source of the unauthorized activity and has taken comprehensive action to notify members. While its investigation is ongoing, Healthfirst has no reason to believe that this incident is related to the ongoing cybersecurity incident impacting Change Healthcare.

Healthfirst takes the privacy and security of its members’ health information very seriously and is committed to taking steps to ensure the company’s member information is not misused. The company is committed to providing its members with support to help protect against possible identity theft or other financial loss. To provide protection and peace of mind, Healthfirst is offering affected members access to one year of free identity theft protection services.

Individuals may contact Healthfirst for questions about this issue by calling the Customer Contact Center on the back of their member ID card or by emailing the Privacy Office at HIPAAprivacy@healthfirst.org.