UnitedHealthcare says member data security was breached due to software vulnerability

PROVIDENCE, R.I. (WLNE) — UnitedHealthcare said that a “vendor privacy incident” involved the release of the personal information of some Rhode Island members.

The company said that on Aug. 11, Welltok, Inc. (Welltok), which provides wellness-related communication services on behalf of UHC, discovered it had been affected by a software vulnerability earlier in the year.

During an investigation on the incident, Welltok discovered that an unknown party accessed its server between May 30 and May 31 and obtained UnitedHealthcare member data.

UnitedHealthcare said it determined that the breached information may include names, addresses, phone numbers, member ID numbers, dates of birth, age, Medicaid ID numbers, and types of health insurance plans.

However, Social Security numbers, driver’s license numbers, and financial account information were not included.

“While this incident did not impact any UHC systems, the company takes this matter seriously and is committed to protecting the privacy and security of its members’ personal information,” the company said in a statement. “While we have no evidence any information has been misused, we recommend individuals regularly monitor their health insurance and other statements for any unfamiliar activity.”

The company added that Welltok is providing two-years of complimentary credit monitoring and identity protection services through Experian to people affected by this incident.

Individuals are advised to report suspicious activity to law enforcement, and that a a dedicated toll-free hotline has been established to help answer any questions and can be reached at 1-800-628- 2141.

UnitedHealthcare had a security breach earlier this year as well.