Arkansas Blue Cross and Blue Shield (BCBS) has reported a recent vendor data breach involving personal information of its members.
In a notice on their website, BCBS revealed that Healthmine, the vendor responsible for a member rewards portal, discovered unauthorized access to certain rewards accounts.
“An unknown bad actor accessed accounts in the Blue Wellness Rewards program to attest to health actions and redeem digital gift cards,” the message said.
Officials confirmed that no social security numbers or financial data were compromised during the breach.
In response, Healthmine has temporarily disabled the affected Rewards accounts and blocked internet domains associated with the breach.
BCBS is collaborating with Healthmine to enhance security measures, including the introduction of multi-factor authentication for account registration and updated procedures for redeeming rewards and updating member information.
“While it appears that the bad actor was focused on stealing Rewards gift cards rather than identity theft, Arkansas Blue Cross is offering affected members the opportunity to enroll, free of charge, in a complimentary one-year membership with Experian’s IdentityWorksSM program,” the message said.
BCBS emphasized that members receiving a notification about the breach will be given guidance on how to protect their identities.
For further inquiries, members can contact BCBS customer service at 800-238-8379 open 8 A.M. to 5 P.M. from Monday through Friday.
WebReadyTM Powered by WireReady® NSI