Iowa State employees who receive a letter from California-based Change Healthcare about a February data breach are encouraged to follow the suggested steps to protect their financial accounts and credit file. The letter, which began appearing in U.S. mailboxes early last month, doesn't mention Iowa State or any of its benefit providers.
Change Healthcare, a subsidiary of UnitedHealth Group and Optum, is one of the largest payment networks in the health insurance industry, electronically connecting doctors' offices, pharmacies and hospitals with health insurers and routing about a third of all claims. Any of Iowa State's insurance providers -- Wellmark Blue Cross and Blue Shield, Delta Dental, Express Scripts, Avesis, for example -- that process claims submitted via Change Healthcare potentially were impacted.
Insurers were informed Feb. 21 of the security breach.
"Although Wellmark alerted Iowa State that its systems were not impacted, our vendors haven't been able to tell us who was impacted or the extent of the impact," said benefits director Ed Holland, university human resources. "What we do know is that Change Healthcare is obligated to communicate with impacted individuals because the breach was to their system."
According to Change Healthcare, data impacted in the breach includes health insurance information, medical records, billing, claims and payment records and personal identification such as Social Security number or driver's license.
Protect yourself from credit fraud
In its letter to impacted employees, Change Healthcare advises these steps be taken to protect financial accounts and credit files. Holland noted the measures apply to any type of suspected data breach:
- Carefully review statements from Wellmark and your health care providers to confirm the validity of listed activity. Report any questionable charges or credits promptly.
- Monitor your financial accounts and promptly notify your financial institution or card company if you detect unauthorized transactions.
- Enroll in a credit and identity monitoring service. Change Healthcare will pay for two years of coverage with IDX , which also is the service employees enrolled in an ISU medical plan may use (at no extra cost). Log in to your myWellmark account and click on "identity protection" in the lower left corner. Or follow the enrollment directions on Change Healthcare's data breach website.
- Request a fraud alert on your credit file to help protect against fraudulent new accounts in your name. By calling any one of the three major credit bureaus (Equifax, Experian or TransUnion), this will flag your account for a fraud alert with all three companies. The alert notifies the credit grantor to take specific steps to verify the applicant's identity.
- Consider requesting a freeze of your credit file at each of the three major credit bureaus. No new credit accounts can be opened in your name without a PIN number issued. Unlike the fraud alert, you must contact each credit bureau separately to request a freeze.
- Contact local law enforcement or the Iowa Attorney General's office to report suspected cases of identity theft.
More information is online. Questions about the breach may be directed to Change Healthcare, 1-866-262-5342.