On September 9, 2015, Excellus BlueCross BlueShield announced that its information technology systems were the target of a sophisticated cyber-attack.
Capital BlueCross systems were not impacted by, and were not part of, the attack on Excellus’ systems. Capital BlueCross and Excellus are separate and distinct companies.
However, the cyber-attack on Excellus also affected members of other BlueCross BlueShield plans – including current and former Capital BlueCross members – who may have received health care services in Excellus’ service area, which includes 31 counties in upstate New York, since 1993. This is because 37 independent, locally operated companies across the United States, including Capital BlueCross, form the BlueCross BlueShield system, enabling Blue plan members to get the high-quality, affordable health care they need wherever they are.
According to Excellus, the cyber-attackers may have gained unauthorized access to members’ information which could include name, date of birth, address, telephone number, Social Security number, member identification number, financial account information, and claims information.
Excellus is mailing letters and providing two years of free credit monitoring and identity theft protection services to all affected individuals. Individuals who believe they may have been affected by this cyber-attack, and want to enroll in these services prior to receiving their letter, may do so by following the instructions for enrollment found at www.excellusfacts.com.
Capital BlueCross’ Commitment to Information Security
Protecting member information is of the utmost importance to Capital BlueCross and we maintain a vigilant data security program.
From state-of-the-art technology, to continuous monitoring of our systems, we work to ensure that the best technical and administrative safeguards are in place. Additionally, we contract with third-party information security organizations and subject matter resources to provide continuous monitoring of our systems.
In light of recent attacks on other companies in the health insurance industry, Capital BlueCross also has undertaken additional actions to strengthen the company’s information technology systems and data security program.