May 10, 2019

Buffalo, NY – On March 19, 2019, an Independent Health employee inadvertently emailed documents containing the protected health information (PHI) of 7,605 members to one unauthorized recipient.

The inadvertent email, which was sent via secure transmission, included the following information: member names, Independent Health ID numbers, name of provider seen, dates of service, claim numbers, claim payment information, and medical procedure codes. The email did NOT include Social Security numbers, personal financial data, or diagnosis codes.

The recipient notified Independent Health of the error within an hour of receiving the email on March 19, 2019. We promptly sought, and received, confirmation the email was deleted from the recipient’s inbox.

Because there was no personal financial information or Social Security numbers disclosed, we believe the risk of identity theft is low. Nonetheless, as an added precaution, we have arranged for one year of identity protection and monitoring services free of charge to the affected members.

The affected members have already been notified by mail regarding this incident earlier this week.

Independent Health’s systems were NOT compromised in any way. This disclosure was the result of human error. To address this error, we conducted employee retraining, which included a review of privacy and security controls.

Protecting our customers’ privacy and keeping their information secure is critically important to Independent Health and we deeply regret that this event occurred. Members with questions may call Member Services using the phone number on the back of their ID card.