Horizon News: Members Impacted by Continuum Cybersecurity Incident
Posted on June 3, 2024
Applies to: All Commercial Markets
Some Horizon Members Impacted by Continuum Cybersecurity Incident
Continuum, a company that works with health plans, including Horizon, health systems and physician organizations nationwide, has notified us of a cybersecurity incident.
What Happened?
On October 19, 2023, Continuum discovered suspicious activity within its network. In response, Continuum immediately initiated an investigation into the nature and scope of the event with the assistance of third-party industry specialists.
The investigation determined that an unauthorized actor gained access to certain systems in Continuum’s network between October 18, 2023 and October 19, 2023, and accessed or acquired certain files stored on those systems during this time. Continuum identified the affected files and conducted a comprehensive review of the files to identify the type of information contained therein, and to whom the information relates. This review recently concluded and Continuum is currently notifying the impacted individuals directly.
The information disclosed did not include Social Security Numbers or financial information. The information that may be impacted by the incident varies by person, and may include one or more of the following types of information:
- Individuals’ names
- Addresses
- Health insurance information
- Treatment and/or diagnosis code
- Provider name
- Dates of treatment
We are working closely with Continuum to mitigate the risks associated with this incident.
What Is Continuum Doing?
Continuum, as our Health Insurance Portability and Accountability Act (HIPAA) business associate, began mailing letters on or about May 30, 2024 to affected individuals of this incident. The letter provides information they can use to better protect against misuse of their information.
As part of their ongoing commitment to the security of information, Continuum is reviewing and enhancing their existing policies and procedures related to data privacy to reduce the likelihood of a similar future event. Continuum is also notifying applicable regulatory authorities, as required by law.
Protecting the privacy and security of our members’ information is among our highest priorities. We follow rigorous information security best practices, and we hold the vendors who assist Horizon in administering member benefits and programs to the same standards. We will continue to work with Continuum to evaluate opportunities for improvements for data security.