BALTIMORE — UnitedHealthcare (UHC) members in Maryland may have had their personal information exposed to hackers recently.
The health insurance company believes their mobile app was the target of a cyber credential stuffing attack sometime between February 19 and February 25.
Suspicious activity was first detected on February 22, but it wasn't until April 10 when the company learned sensitive information of some Maryland members might have been breached.
That information could include first and last names of members, their birthdays, health insurance ID numbers, addresses, dates of medical care, health provider names, claim information, and the group name and number associated with accounts.
UHC says Social Security and driver’s license numbers were not accessed.
Affected members are currently being notified directly by mail.
Following the security breach, UHC says it locked member portal accounts and forced password resets to prevent further unauthorized access.
So far UHC says it has no evidence the attackers accessed or obtained login credentials from any of their systems.
"The company regrets this incident and any inconvenience or concern it may cause," UHC said in a press release.
As a precaution UHC says it's offering their members two years of free identity theft protection services through LifeLock.
Any members having questions or concerns about their account can call 800-669-1812.