UnitedHealthcare (UHC) is reporting a data security incident that involves the personal health information of certain Iowa residents, a news release says.
While the personal information accessed varied by individual, it may have included a combination of names, member identification number, plan type, and county and state of residency. This incident did not involve the disclosure of Social Security numbers, driver’s license numbers or any financial account information.
On Dec. 29, 2022, UHC discovered an unauthorized third party was able to access a UHC broker portal limited to certain parts of its business. “We notified law enforcement and worked with them to investigate the matter,” the release says.
On Feb. 3, 2023, UHC confirmed the unauthorized party accessed information from the portal while attempting to divert funds intended for agents and/or brokers. Through its investigation, UHC determined the unauthorized third party was able to access certain personal information between Dec. 1, 2022, and Jan. 25, 2023.
“UHC is committed to protecting our members’ and brokers’ information and maintaining the integrity of our systems. UHC placed additional safeguards on the UHC broker portal to help minimize the risk of a similar incident occurring in the future,” the release says.
Affected individuals are being notified. Any suspicious activity should immediately be reported to their health plan or other relevant institution, the release says. Additionally, a dedicated toll-free hotline has been established to help answer any questions and can be reached at 800-669-1812 Monday through Friday from 8 a.m. until 5 p.m.