The following was released on Monday, January 4, 2021:
EyeMed Vision Care LLC (“EyeMed”) announced last fall that it experienced a security incident impacting some participants receiving vision benefits managed by EyeMed.
On July 1, 2020, EyeMed discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email addresses contained in the mailbox's address book. On the same day, EyeMed promptly blocked the unauthorized individual's access to the mailbox and secured the mailbox. The mailbox contained information about current and former recipients of vision benefits through EyeMed.
EyeMed launched a comprehensive investigation into the incident and hired a cybersecurity firm to assist in its efforts. The investigation determined that the personal information of participants potentially accessed included: full name, address, date of birth, phone number, email address, and vision insurance account/identification number, health insurance account/identification number, Medicaid and Medicare number, driver's license or other government identification number, and birth or marriage certificate. For some individuals, partial or full social security numbers and/or financial information were implicated, and in a few cases, medical diagnoses and conditions, and treatment information were implicated.
EyeMed is committed to safeguarding personal information and took rapid action to enhance its existing protections by implementing additional security measures, including augmented access controls to the EyeMed network and supplemental security awareness training for personnel.
While EyeMed is unaware of any misuse of the information, EyeMed is mailing letters to affected individuals, a process which is now substantially complete, and established a dedicated call center to answer questions. EyeMed is offering free credit monitoring and identity protection services to affected individuals for a duration of two years. Affected individuals should closely monitor financial statements, credit reports, and statements they receive from their health insurers.
If you believe you have been affected and did not receive a letter, please call 888-974-0076, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time.