Computers at Excellus BlueCross BlueShield, based in Rochester, N.Y., fell victim to a cyberattack that may have compromised more than 10 million personal records.
Excellus said it learned of the cyberattack Aug. 5, according to the company notice. Cyberattackers initially accessed the payer's IT systems Dec. 23, 2013.
NBC News reported the attack affected more than 10 million records.
Compromised information includes member names, birth dates, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.
The attack affects members with Excellus plans, as well as other Blue Cross Blue Shield plan members who sought treatment in the upstate New York service area of Excellus and individuals who conduct business with Excellus.
To date, the investigations do not indicate any data were removed from systems or that information has been inappropriately used, according to the payer.
Excellus is offering two years of free identity theft protection services to affected individuals.
More articles on data breaches:
Lawrence General Hospital reports data breach due to missing thumb drive
3rd lawsuit filed against MIE after data hack: 5 things to know
Who do practitioners feel poses the greatest threat for HIPAA breach? 6 survey findings