OAKLAND, Calif. (June 19, 2020) – A Blue Shield of California vendor, Magellan Health, has confirmed that 15,843 Blue Shield members were impacted by a data security breach and have been notified of the incident. Blue Shield takes this situation seriously and is committed to protecting the privacy of our members.
On April 11, 2020, Magellan Health discovered they were the target of a ransomware attack. Immediately after discovering the incident, Magellan retained a cybersecurity forensics firm Mandiant to help conduct a thorough investigation. It was determined that the root cause of the attack was a phishing email that impersonated a Magellan Health customer.
The investigation revealed that the incident may have affected some members’ personal information including names and one or more of the following: treatment information, health insurance account information, health plan member ID number, other health-related information, email addresses, phone numbers, and physical addresses. No Blue Shield member social security numbers or credit card information was affected. At this time, there is no evidence that any personal data has been misused. Blue Shield systems and emails were never affected or vulnerable to this attack.
Magellan immediately reported the incident to, and is working closely with, the appropriate law enforcement authorities, including the FBI. Additionally, to help prevent a similar type of incident from occurring in the future, Magellan has implemented additional security protocols designed to protect the network, email environment, systems and personal information.
For more information, members can call 888-451-6558 or visit https://www.magellanhealth.com/news/security-incident/.