Independence Blue Cross announced July 2 that protected health information belonging to certain members of the Philadelphia-based health plan may have been accessed by an unauthorized user.
The Independence Blue Cross privacy office was notified of the security incident May 8. After launching an investigation, the health plan discovered that certain members used the same password credentials for multiple websites, and the passwords were previously exposed through other third-party attacks, such as the compromise of the MyFitness Pal app in 2018, according to the news release.
The passwords extracted from the data breach were then used to gain access to certain pages within Independence's member portal between March 17 and April 30. Information affected by the security breach includes member names, identification numbers, plan types, spending account balances and claims data.
Independence said it is offering 24 months of free credit monitoring and identity protection services to individuals affected by the incident.