August 12, 2016

Share Everywhere

3.3 Million Affected by Newkirk Products Data Breach, Issuer of Healthcare ID Cards

An Albany-based service provider, Newkirk Products, recently revealed they were the victims of a security breach that compromised member information. Newkirk issues healthcare ID cards for health insurance plans, and on July 6, 2016, they discovered a server containing member information was accessed without authorization. The public was notified of the breach through a press release from the company on August 5, 2016. At this time, there is no evidence that the stolen information has been used in any way.

Who Had Information Stolen in the Newkirk Breach?

News of the Newkirk breach has been spreading in many different states because the company serves quite a few major health insurance plans. Affected plans may include:

  • BlueCross Blue Shield of Kansas City
  • BlueCross Blue Shield of North Carolina
  • BlueCross Blue Shield of Western New York
  • BlueCross Blue Shield of Northeastern New York
  • HealthNow New York Inc.
  • Capital District Physicians’ Health Plan, Inc.
  • DST Health Solutions, Inc.
  • Gateway Health Plan
  • Highmark Health Options
  • West Virginia Family Health
  • Johns Hopkins Employer Health Programs, Inc.
  • Priority Partners Managed Care Organization
  • Uniformed Services Family Health Plan

None of these health plans had their individual systems accessed — it was just Newkirk’s — but the Newkirk system did contain information about members of the health plans listed above.

What Did the Hackers Steal?

The cyber criminals had unauthorized access to a variety of information. The exact details stolen vary by healthcare plan, but Newkirk says the information would have been a combination of the following:

  • Member name
  • Mailing address
  • Type of plan
  • Member ID
  • Group ID
  • Names of dependents
  • Primary care provider
  • Date of birth
  • Premium invoice information
  • Medicaid ID number

The company specifically notes that Social Security numbers, banking and credit card information, medical information, and insurance claims information were not stolen.

What Should Affected Customers Do?

Newkirk is in the process of mailing letters to anyone who was affected by this recent data breach. If you receive a letter, it will explain exactly what happened and include an offer for two years of free identity protection and restoration services. They have also created a dedicated assistance line for you, or anyone else, who would like additional information regarding the breach. Newkirk can be reached at 1-855-303-9773, Monday-Saturday, from 8am-8pm CST. You can also visit to learn more.

Follow Me

Heidi Daitch

Director, Strategic Programs at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.
Follow Me

Join The Discussion

Your email address will never be published.