NewsLocal News

Actions

Highmark notifies members of data breach related to malicious email phishing campaign

Voters in Florida, other states report receiving threatening emails demanding a vote for Trump
Posted at 1:43 PM, Feb 17, 2023
and last updated 2023-02-17 13:43:53-05

BUFFALO, N.Y. (WKBW) — Highmark Inc. announced on February 6 that it became aware of a data breach related to a malicious email phishing campaign.

"The incident in question was discovered on Dec. 15, 2022, and occurred between Dec. 13, 2022, and Dec. 15, 2022, whereby an employee was sent a malicious phishing email link that led to their email account being compromised and a threat actor obtained access to files that may have contained the protected health information (PHI) of Highmark members."

Highmark says it did not involve customers of Highmark Blue Cross Blue Shield of Western New York.

"A very small percentage of New York residents may have been affected if their company is insured through Highmark and headquartered outside of New York State. Across all of New York State, including New York City, less than 1,800 individuals were notified that they may have been affected," a spokesperson said in a statement to 7 News.

Highmark said it immediately responded and launched an investigation.

"The response teams quickly contained the mailbox, removed the malicious email from all domain users and implemented additional preventative and monitoring controls. We have engaged our vendor supporting our email environment who assisted with implementing additional preventive controls to enhance our security posture and email security controls. We also engaged a third-party digital forensics firm to determine the full extent of the breach."

You can find more information here.