3.3 Million-Record Breach Reported by BCBS Vendor

A business associate of numerous Blue Cross Blue Shield companies has discovered that an unauthorized individual accessed a computer server containing the PHI of nearly 3.3 million people.

New York-based Newkirk Products Inc., a provider of identification card and management services, discovered the intrusion on July 6, 2016. The affected computer network was immediately shut down and an outside computer forensics firm was brought in to conduct an investigation. That investigation revealed that its systems were first breached on May 21, 2016.

Newkirk Products provides management services to the following healthcare companies:

  • West Virginia Family Health
  • Uniformed Services Family Health Plan
  • Priority Partners Managed Care Organization
  • Johns Hopkins Employer Health Programs, Inc.
  • Highmark Health Options
  • Gateway Health Plan
  • DST Health Solutions, Inc.

Newkirk Products also makes identification cards for the following healthcare companies:

  • Health Now New York Inc.
  • Capital District Physicians’ Health Plan, Inc.
  • BlueShield of Northeastern New York
  • BlueCross BlueShield of Western New York
  • Blue Cross Blue Shield of North Carolina
  • Blue Cross and Blue Shield of Kansas City


According to a press release issued by Newkirk Products on Friday, all of these companies have been affected.


Affected individuals had some or all of the following data exposed: name, Medicaid ID number, primary care provider name, premium invoice information, group ID number, member ID number, health plan type, date of birth, mailing address, and the names of any dependents also covered by members' health policies. Highly sensitive data such as health insurance details, Social Security numbers and financial information were not exposed in the breach. Blue Shield of Kansas City was among the worst hit, with roughly 790,000 of its Blue KC members affected by the breach.

Newkirk Products is still investigating the breach, although so far no evidence has been found to indicate that any data have been misused. All affected individuals are being notified by mail and are being offered 24 months of free identity theft monitoring and resolution services.

The breach was discovered only five days after the company was acquired by Broadridge Financial Solutions in a $410 million deal. The discovery of the breach means that price will be substantially higher. The 2016 Cost of a Data Breach Report released by the Ponemon Institute earlier this year indicates that healthcare data breach resolution costs have risen to $355 per exposed record.

Broadridge Financial Solutions, Inc., said that the breach was discovered before systems and data were integrated into its own systems, and that the only customers affected by the breach are those who did business with Newkirk Products.

This is the third-largest healthcare data breach discovered in 2016, and the second healthcare data breach of more than 3 million records reported in the past week. The news comes only days after the announcement of a possible 3.7 million-record breach at Phoenix, Arizona-based healthcare system Banner Health, and just over a month after a 9.3 million-record cyberattack on an as-yet-undisclosed health insurer.