Notice of Cognizant / TMG Data Incident
Sept. 5, 2023
Recently, Blue Cross and Blue Shield of Montana (BCBSMT) mailed letters to members with past or current health insurance coverage with BCBSMT. These letters were to inform you about a recent incident involving your Protected Health Information (PHI) as required under the law.
What Happened: On 06/23/2023 we became aware that your PHI was accessed by an unauthorized party on 06/21/2023 at a vendor of TMG Health (TMG). TMG provides third party administrative services to Medicare enrollees of HCSC Insurance Services Company (HISC). HISC is contracted with the Centers for Medicare and Medicaid Services (CMS) to offer this product.
What Information Was Involved: The information that was disclosed included your name, address, email address, phone number, date of birth, Social Security Number, Claim number, bank account number and medical service information. We have investigated the incident and determined that due to the unauthorized access by a bad actor, your information may have been disclosed to the wrong individual.
What We Are Doing: In order to minimize any harm, TMG is working closely with the vendor to ensure systems are updated to block these activities and prevent disclosures of this nature from occurring in the future. TMG is committed to maintaining the privacy and security of your information and is taking this incident very seriously. Our vendor has notified law enforcement to mitigate this situation as best as possible.
What You Can Do: BCBSMT takes the confidentiality of members’ data very seriously. We have no reason to believe that anyone has accessed or misused your information. However, we want to make you aware of steps you may take to guard against identity theft or fraud. If you receive or access explanation of benefits statements (EOBs) from BCBSMT, we recommend that you regularly review these statements. If you see any service that you did not receive, please call us at the number found on the statement or on the back of your member identification (ID) card. If you do not receive or access EOBs, contact your provider or plan and request that they send you a statement following the provision of any services under your name and ID number. Please review the enclosed Information about Identity Theft Protection.
What we are doing to protect your information:
To protect you from potential identity theft, we are offering you one year of complimentary Personal Identity and Privacy Protection through a national leader in data breach response services, IDX, A ZeroFox Company, the data breach and recovery services expert. IDX identity protection services include: 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling 1-888-727-2311, going to the website or scan the QR image and use the enrollment code provided with your letter. IDX representatives are available Monday through Friday from 9 a.m. - 9 p.m. ET. Please note the enrollment deadline is [3 months from the date on your letter]. To learn more about what is included with these services please review the enclosure with your letter.
Due to privacy laws, we cannot register you directly.
What you can do to protect your information: There are additional actions you can consider taking to reduce the chances of identity theft or fraud on your account(s). Please refer to the final page of your letter.
For More Information: If you believe that your PHI has been misused or have any questions regarding this letter, please call the toll-free number listed on your member ID card. A representative is available to assist you.