A NOTICE TO OUR MEMBERS REGARDING PHISHING EMAIL INCIDENT
Elderplan, Inc., is committed to protecting the security and confidentiality of our members’ personal information.
This notice is regarding an incident involving some of that information.
On June 6, 2017, we learned that an unauthorized individual gained access to several employees’ email accounts. When we learned of this incident, we immediately disabled the email accounts of the employees who responded to the phishing email, blocked any further access to the phishing email, and began an investigation. After an extensive investigation conducted by a leading third-party forensic vendor, we were able to determine that no suspicious activity was indicated in the short window of time before the affected email accounts were disabled, nor were any emails forwarded from the accounts. However, we cannot definitively say that emails in those accounts were not otherwise viewed or accessed. The investigation confirmed some members’ personal information was included in some of the emails in the affected inboxes, including members’ names, insurance information, Medicare numbers, Social Security numbers, diagnoses, treatment dates, and treatment facilities.
We have no indication that any members’ information was ever accessed or used in any way. We are in the process of mailing letters to affected members and have established a call center to answer any questions members may have. To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide identity monitoring at no cost to the affected members for one year. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. The identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. We also recommend that members review the statements and Explanations of Benefits (EOBs) that they receive from Medicare and any other secondary insurers that they may have. If you see services that you did not receive, please contact Medicare or your other insurers immediately.
If you believe you have been affected or if you have questions regarding this incident, please call 1-855-205-6947 Monday through Friday between 9:00am and 6:00pm Eastern Time.
We sincerely apologize for any inconvenience or concern this may cause our members. To help prevent something like this from happening in the future, Elderplan is implementing additional security measures for the access of email and use of mobile devices. We are also conducting refresher training for all Elderplan employees on security procedures.