14 DAY TRIAL // The Community Health Plan of Washington (CHPW) confirmed that it was affected by a breach on November 7 that exposed the personal details of its members.
The organization said in a press release that access to the server storing all these details was disabled once it found out about the breach and that it is now working with the FBI on finding the individual or group responsible for the hack.
“CHPW notified the Washington State Health Care Authority and the Washington State Office of the Insurance Commissioner of the incident, and reported the matter to the Federal Bureau of Investigation (FBI),” the company’s notification reads.
Names, addresses, dates of birth, Social Security numbers and coding information related to each member’s health were all stored on the breached server, the CHPW confirmed, but on the other hand, no banking or credit card information was put at risk.
Notifications now being sent to members
On December 21, the organization started sending notifications to users and is now offering free credit and identity monitoring services for 12 months to make sure that individuals are not put at risk in any way.
“Our highest priority is the protection of our members’ confidential information and their trust,” said Leanne Berge, CEO of CHPW. “As a community health center-focused, not-for-profit we have the duty to provide transparency in our work and are committed to providing all the resources that our members need to understand this incident and protect themselves.”
At this moment, there is no information regarding the identity of the hacker and no group has claimed the breach so far, but the CHPW says its investigation continues and more information would be shared at a later time.
In the meantime, affected members can contact the organization using the dedicated customer service hotline at 1-800-440-156 or get in touch with a CHPW representative to get more information on how to minimize risk of their details being used by hackers.
UPDATE, December 24: According to reports, the CHPW found out about the incident when it received an anonymous call revealing that a vulnerability was found in the systems belonging to NTT Data, the company that provides technical support services to the organizations.
Justin Shafer (@JShafer817) says he is the one who found the flaw and reported it to CHPW, adding that it wasn't a hack, but a public FTP exposed.