On or about June 29, 2023, BHI learned that data within its network had been encrypted through an unknown source. Upon a thorough investigation, BHI determined that an unauthorized user had accessed and downloaded BHI business records, including some files that contained personally identifiable information (“PII”) and protected health information (“PHI”) of beneficiaries of BHI’s self-insured employer sponsored health plan.
Upon discovery of the security incident, BHI promptly removed the threat and contained the incident. Additionally, BHI notified federal and local law enforcement authorities, and retained a leading third party cybersecurity firm to investigate the nature and scope of the incident. That investigation, which included identifying and determining the number of individuals whose PII and/or PHI may have been contained in the data, largely concluded as of September 1, 2023. The information that may have been involved in this incident includes individuals’ first, middle, and last name, address, date of birth, Social Security number, and potential medical and claims information related to BHI’s health plan. BHI notified affected individuals by mail beginning on or about October 18, 2023.
Individuals seeking additional information regarding this incident can call BHI’s toll-free assistance line at 844-262-8351, Monday through Friday between 8:00am-10:00pm CST, and Saturday through Sunday between 10:00am-7:00pm CST. Even though BHI is not aware of any use of PHI by an unauthorized user, affected individuals can reach out to the Federal Trade Commission or their state Attorney General websites for information on preventing identity theft.
Since discovering the incident, BHI has continued to work diligently with internal and external consultants to strengthen the security of our systems to ward off these outside threats. Additionally, in response to this incident, we are reviewing our privacy and security policies, procedures, and training. For affected individuals, we are providing free credit and identity monitoring for two years. BHI is committed to safeguarding individuals’ personal information and will continue to work to enhance the protections that secure this information.