EyeMed takes the privacy and confidentiality of the information provided to us very seriously.
On July 1, 2020, we discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email addresses contained in the mailbox’s address book. On the same day, we promptly blocked the unauthorized individual’s access to the mailbox and secured the mailbox. The mailbox contained information about current and former recipients of our vision benefits.
We launched a comprehensive investigation into the incident and hired a cybersecurity firm to assist in its efforts. The investigation determined that personal information of participants potentially accessed included: full name, address, date of birth, phone number, email address, vision insurance account/identification number, health insurance account/identification number, Medicaid or Medicare number, driver’s license or other government identification number, and birth or marriage certificate. For some individuals, partial or full social security numbers and/or financial information were implicated and, in a few cases, medical diagnoses and conditions, and treatment information, and/or passport numbers were implicated.
While we do not know of any misuse of the information, we are mailing letters to affected individuals and we established a dedicated call center to answer any questions individuals may have. The letters include an offer for free credit monitoring and identity protection services for a duration of two years. Affected individuals should closely monitor financial statements, credit reports, and statements they receive from their health insurers. We also recommend that individuals review financial statements, credit reports, and statements they receive from their health insurer. If they see services they did not receive or accounts, charges, or withdrawals that they did not authorize, they should contact their health insurer immediately.
EyeMed regrets any inconvenience this incident may cause individuals. To help prevent something like this from happening again, we have taken prompt action to enhance the protections that were already in place before the incident. Among other actions, we have implemented additional security measures for authorized access to our network and are providing additional security awareness training.
If you believe you have been affected and do not receive a letter by December 12, 2020, please call 888-974-0076, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time to learn if your information was involved in the breach.