Update: Premera Blue Cross Begins Notifications for Excellus BCBS Members Potentially Impacted by Security Breach
We’d like to update you on the progress and process of member notifications by Premera Blue Cross for those impacted by the cyber-attack across the country, and among Excellus BlueCross BlueShield plan's membership, in particular.
We have a dedicated team working with Premera Blue Cross to help them accurately match files for proper membership notifications to occur. Generally, we're confident the attack impacted a low percentage of our membership, but the specific numbers continue to be fluid, so we think it would be unproductive to cite a number today. As impacted members are identified, notifications by Premera Blue Cross will occur without delay.
Starting on or about Monday, April 20, Premera Blue Cross began mailing letters to potentially impacted current or former members of Excellus BlueCross BlueShield. The letter gives clear explanation and guidance to the reader as to the cyber-attack and their available actions (credit monitoring and identity theft protection services included). If an employee asks about these steps, please refer them to the action steps in the letter, including information found on www.Premeraupdate.com.
The difficulty of providing precise numbers of memberships impacted plan by plan at this stage is based on a host of factors that are still being sorted out. For example, some impacted may be former members of a plan, some are deceased, others could be residents in upstate New York in our area who are employees of a company headquartered in another state but who got medical services over the past 14 years in one of the states where Premera Blue Cross operates. That last scenario involves multiple Blue Cross Blue Shield companies. So, the membership files for those kinds of cases make it tricky to provide a general report of membership impacts plan by plan.
Specifically for self-funded group arrangements, Premera Blue Cross will be submitting breach notification filings to the required state and federal regulators, including the Office for Civil Rights and the Centers for Medicare & Medicaid Services, both for itself and on behalf of other affected covered entities. This is expected to fulfill the filing requirements established by law and detailed in our respective Business Associates agreements for all affected Blue Cross Blue Shield plans, including Excellus BCBS, as well as their ASO accounts.
The key focus is ensuring that our members' needs are being met. That's why we support Premera Blue Cross’ approach to err on the side of the customers and offer the remedy ahead of knowing whether they were victims of the breach. Any and all members who were impacted by the breach -- whether they were Premera Blue Cross’ member, our member or another BCBS plan's member -- will be properly notified and offered credit monitoring and identity theft protection.