Albany, New York – August 5, 2016 – Newkirk Products, Inc. (“Newkirk”) today announced a cyber security incident involving unauthorized access to a server containing certain personal information. Newkirk is a service provider that issues healthcare ID cards for health insurance plans including Blue Cross and Blue Shield of Kansas City, Blue Cross Blue Shield of North Carolina, HealthNow New York Inc., BlueCross BlueShield of Western New York, BlueShield of Northeastern New York, and Capital District Physicians' Health Plan, Inc. (CDPHP), and, through Newkirk’s relationship as a service provider to DST Health Solutions, Inc., Gateway Health Plan, Highmark Health Options, West Virginia Family Health, Johns Hopkins Employer Health Programs, Inc., Priority Partners Managed Care Organization and Uniformed Services Family Health Plan.

No health plans’ systems were accessed or affected in any way.

The data potentially subject to unauthorized access varies by plan but includes some combination of: the member’s name, mailing address, type of plan, member and group ID number, names of dependents enrolled in the plan, primary care provider, and in some cases, date of birth, premium invoice information and Medicaid ID number. The server did not contain Social Security numbers, banking or credit card information, medical information or any insurance claims information.

On July 6, 2016, Newkirk discovered that a server containing member information was accessed without authorization. Newkirk shut down the server, started an investigation into the incident and hired a third party forensic investigator to determine the extent of the unauthorized access and whether the personal information of its clients’ members may have been accessed. Newkirk also notified federal law enforcement. While the forensic investigation is ongoing, it appears that the unauthorized access first occurred on May 21, 2016. Although the information contained on the server may have been accessed, Newkirk has no evidence to date that such data has been used inappropriately.

Broadridge Financial Solutions, Inc. acquired Newkirk on July 1, 2016 from DST Systems, Inc. (“DST”). DST Health Solutions, Inc. is a subsidiary of DST. The Broadridge network was not compromised, as the Newkirk network has not been integrated into Broadridge. Furthermore, there is no evidence at this time that any other Newkirk or DST service or infrastructure has been impacted by this incident.

Letters to those impacted by the incident are being mailed. These letters include an explanation of the incident, an offer of two years of free identity protection and restoration services and information about additional ways impacted individuals can protect themselves.

Albany, New York – August 19, 2016 – Newkirk Products, Inc. (“Newkirk”), a service provider that issues healthcare ID cards for health insurance plans, today provided an update on its previously announced cyber security incident. Symphonix Health Insurance, a client of DST Health Solutions, Inc., is also identified as an impacted party and is notifying its members of the event. This notification does not represent a new cyber security incident.

Letters to those impacted by the incident are being mailed. These letters include an explanation of the incident, an offer of two years of free identity protection and restoration services and information about additional ways impacted individuals can protect themselves.

Fraudulent Contact Alert

Some individuals have reported being targeted by scam phone calls. These scams, called "phishing" attacks, may be designed to look like they come from Newkirk or a health insurance plan. They are designed to capture personal information from you. These calls are NOT from Newkirk or a health insurance plan.

Neither Newkirk nor a health insurance plan will call you or email you to ask for your Social Security number or any credit card information. If you receive a call or email requesting personal information, please:

• ● DO NOT reply to the email or provide the caller with any information
• ● DO NOT supply any information on the website that may open, if you have clicked on a link in email
• ● DO NOT open any attachments that arrive with email

For more guidance on recognizing a phishing email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing. You can also forward fraudulent emails to spam@uce.gov.

If you might have been tricked by a phishing call or email:

• ● File a report with the Federal Trade Commission at www.ftc.gov/complaint.
• ● Visit the FTC's Identity Theft website. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

To Learn More

Newkirk has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. This assistance line can be reached at 1-855-303-9773 (TTY/TDD: 711), Monday - Saturday, 8am - 8pm CST.  Members of Gateway Health Plan, Highmark Health Options, West Virginia Family Health, Johns Hopkins Employer Health Programs, Inc., Priority Partners Managed Care Organization, Uniformed Services Family Health Plan and Symphonix Health Insurance please call 1-855-303-6659 (TTY/TDD: 711).

Identity Protection Tips

Newkirk recommends that impacted individuals enroll in the complimentary identity protection and restoration services. You can receive 2 free years through August 2018 of identity protection and restoration services with AllClear ID at newkirkproductsfacts.allclearid.com.  In addition, Newkirk recommends that impacted plan members review their account statements, medical bills, and health insurance Explanations of Benefits statements regularly for suspicious activity. Report all suspicious or fraudulent charges to your health insurance provider.

For more information, please review our Frequently Asked Questions