Highmark Health Data Breach leaves 300K Individuals Exposed

On or around February 6, 2023, it was discovered that a cybersecurity breach left Highmark Health’s servers susceptible to attack. Around December 15, 2022, the company learned that an employee accessed a malicious email causing an exposure of clients’ and employees’ sensitive and private information. An unknown actor was able to access the company’s health organization information, potentially leaving patient data vulnerable and 300,000 individuals at risk.

The Pittsburgh-based Highmark Health is a national blended health organization that serves individual consumers and businesses alike. Highmark learned of a cyber security incident targeting its employees, with one employee opening a malicious email link that left their account compromised. Highmark immediately engaged in an investigation, uncovering that between December 13 and 15, 2022 a threat actor may have accessed emails within the Highmark employees email account, possibly accessing patients’ protected health information. Highmark will begin mailing notice letters to affected individuals around February 13, 2023. This could potentially leave many individuals affected by fraud unaware of a likely reason.

Patient information such as names, social security numbers, enrollment information such as group names, identification numbers, claims or treatment information such as claim numbers, dates of service, procedures, prescription information as well as in some cases, financial information, addresses, phone numbers and email addresses and potentially much more have been exposed.

If you received a letter from Highmark Health indicating that your information was involved in a data breach, fill out this form to participate in Shub Law’s investigation.