Insurance regulators in Delaware are worried that consumers affected by a data security incident at Summit Reinsurance Services Inc. may have no idea what Summit Re is.
Summit Re is a health reinsurance and employer stop-loss insurance advisor based in Fort Wayne, Indiana. It’s been part of a life insurance subsidiary of Blue Cross and Blue Shield of South Carolina since 2010.
The company uses health plan enrollees’ personal health information when helping plans get through the reinsurance or stop-loss underwriting process. On Aug. 8, 2016, it found ransomware on a server that may have contained enrollee data, including Social Security numbers and medical claim information.
Summit Re says it has no evidence that anyone has used any information from the server inappropriately, but the company launched an investigation, updated its security procedures, and notified clients of the ransomware attack.
Summit Re says in the ransomware attack notices that it’s offering to provide people potentially affected by the incident with one year of free credit monitoring and free identity restoration services.
“Summit is committed to the security of the personal information in its care and worked, and will continue to work, to enhance the protections in place to protect data,” the company says in the notice.
The list of Summit Re clients with customers getting breach notices includes Highmark Blue Cross Blue Shield of Delaware, Louisiana Health Cooperative Inc., PrimeWest Health of Minnesota, Select Health Network of Indiana and Tufts Health Public Plans Inc., according to company breach notices and press reports.
In Delaware, for example, 19,000 people received breach notices, officials say.