566,217 individuals affected by Bankers Life breach

CNO Financial Group recently reported a data breach which compromised the protected health information (PHI) of 566,271 individuals to HHS’ Office of Civil Rights (OCR). The breach occurred in the company’s Bankers Life and Casualty Co. division in Chicago.

In a statement posted on their website, Bankers Life explained that between May 30 and September 13, 2018, unauthorized third parties improperly obtained employee credentials in order to gain access to certain company websites, potentially resulting in illegal access to the personal information of policyholders and applicants.

After learning about the unauthorized activity on August 7, the company notified federal law enforcement and began an investigation. Bankers Life also hired an external forensics investigator, restricted access to its systems, and enhanced its security procedures.

The company also notified the individuals whose information may have been accessed in the breach. Disclosed PHI included:

• Addresses
• Dates of birth
• Insurance information (such as application or policy numbers, types of insurance, premiums, dates of service, and claim amounts)
• Last four digits of Social Security numbers
• Names

Bankers Life indicated that for a few members, additional information may have been disclosed, and the letter of notification they received would have stated so.