Letters notifying customers of the breach were sent last week by
HAP said Tuesday in a statement that the incident may have exposed customers' names, addresses, dates of birth, member identification numbers, health care provider names, patient identification numbers and claim information, such as the service codes and payment amounts. It suggested
"HAP takes its responsibility to protect our members' information very seriously," the company said in a statement. "We sincerely apologize this happened to our members.
A total of 120,344 HAP customers may have been affected, a HAP spokeswoman said, and any HAP member with questions about the breach may call 877-412-7152 for more information.
"About 150,000 of our members were impacted, with about 100,000 of them residing in
"We have no indication that any member information was extracted during the incident."
English said the investigation is ongoing, and additional companies and clients he could not name would be alerted through March if their data also is at risk.
Each letter mailed to those affected by the security breach has been individualized to explain the depth of compromised data, English said. And although
"The review of the actual data was done by a forensics company, which determined if any of those elements of data, like a
The forensic investigation of the malware attack suggests that records were encrypted, English said, and there's no evidence yet that the information has been retrieved or misused.
"Nevertheless, given the nature of the affected files, some of which contained individual patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information, including some highly sensitive medical information), out of an abundance of caution, we mailed letters to all impacted individuals recommending that they take immediate steps to protect themselves from any potential misuse of their information,"
He hasn't been insured by HAP since late 2016, and says he's concerned about what data was taken and how it might be used.
"We keep a tight review of our credit history so we're able to catch these things early," said Pterneas. "I got the impression from this that it's a possibility that my information was breached. I don't really feel assured. I feel like they're covering their bases, but they're not really admitting my information was taken.
"They have all the disclaimer words in here, you know, like 'your data may have been affected,' and 'we're notifying all the clients.' It is the general catch-all language that they're throwing out there to cover their bases so they can say that they're notifying me."
-- Contact Equifax,
-- Get a free copy of your credit report by going to www.annualcreditreport.com.
-- Monitor all bills and credit-card charges to ensure they are legitimate.
-- Frequently review bank account statements, watching for checks, purchases, or deductions you didn't make.
-- Report any suspicion of identity theft to your local police department and the fraud department of the
-- Review your explanation of benefits statements from your health insurance provider and look for accounts or creditor inquiries, transactions or services that you did not initiate or do not recognize.
The company is offering
The letter mailed to affected HAP customers says
Pterneas said he'll continue to be vigilant about monitoring his credit now that there's a chance his personal information was taken.
"I have already been a victim once of fraud," he said. "This is coming to light again from a company that I didn't feel took care of me, which was their job. And now that I'm gone, they're still not taking care of me or hundreds of other people. ... And there's nothing we can do about it."
Editor's note: This story has been updated to include more details about how the security breach affected customers of
(c)2019 the Detroit Free Press
Visit the Detroit Free Press at www.freep.com
Distributed by Tribune Content Agency, LLC.