Bankers Life, based in Chicago, is a health insurance company and the largest division of CNO Financial Group Inc. Between May 30 to September 13, 2018, hackers gained access to Bankers Life systems and potentially accessed the personal data of over 500,000 individuals.
Bankers Life provides insurance services to consumers, including medical insurance, long term care insurance and Medicare supplemental insurance. Bankers Life became aware of the breach on August 7, 2018.
The personal data of some employees and customers was potentially accessed. A ‘limited group’ of customers had their names, driver’s license numbers, Social Security numbers, state identification numbers, bank account numbers, medication details, diagnoses, and treatment data compromised. The protected health information (PHI) of a bigger group of clients was also possibly viewed by the hackers . For this group, the information was limited to names, addresses, birth dates, insurance type, insurance policy numbers, premium amounts, service dates, amount of claims, and their Social Security numbers’ last four digits.
Bankers Life engaged the help of a third-party computer forensics expert to investigate the breach and find out how the hackers accessed its systems. The insurance company did not disclose to the public details of exact nature o the attack and neither how access to its systems was gained.
Bankers Life has responded to the breach by implementing additional security controls and increasing monitoring of access to its systems.
The announcement regarding the breach was deferred upon the request of law enforcement. Notifications have now been sent to affected customers, who have been offered complimentary identity theft repair and credit monitoring services.
Bankers Life has submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights. The OCR breach report indicates 566,217 customers have been affected.