Healthfirst Data Breach (2019)

New York insurer Healthfirst notified about 1,800 members in late May that information related to their case management may have been sent to outdated addresses, the company disclosed to the U.S. Department of Health and Human Services' Office for Civil Rights. The company said letters including information about case management or the approval or denial of clinical services were sent to the wrong addresses in some cases because "a newly implemented case-management system did not differentiate current addresses from former addresses." The company learned in March that it had been sending letters to older addresses since November 2017 and corrected the situation that month. It noted the problem affected a small percentage of its nearly 1.4 million members. The letters did not disclose Social Security numbers, bank account information or other financial information. Healthfirst is offering affected members one year of free identity theft and credit monitoring as well as identity-restoration services.