On November 7 of this year, Community Health Plan of Washington (CHPW), a nonprofit Medicaid-based health insurance company in Seattle, received a disturbing voicemail, the effects of which are just today being fully realized.
The unidentified caller stated that the firm (a subsidiary of NTT Data) who provides technical services to CHPW had a major security vulnerability. While CHPW was not quick to notify those who may have been impacted, some 381,534 current and former patients, they did not hesitate when it came to investigating the matter. The company not only hired a forensic investigation team, but they also contacted both the FBI and WA state regulators.
After the breach was officially confirmed on November 30, CHPW hired the well-known cybersecurity firm, Kroll, to guide them through the best course of action. All members, whose names, addresses, DOBs, and SSNs have been hacked, will be receiving notification of the breach via letters sent 12/28/2016, and will be eligible to receive a year of free credit monitoring.
As for the delayed reaction time, CEO Marilee McGuire acknowledges it by explaining that they wanted to make sure all those logistics were in place, which she said takes some time. McGuire has expressed personal concern over the issue and has even set up a call center and translation services to help make amends.