The company said it discovered in April that its system was the victim of a ransomware attack. The attack also exposed personal information on people with policies serviced through Magellan.
“Immediately after discovering the incident, we retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident,” the company said in a statement. “The investigation revealed that the incident may have affected some of our customers' members' personal information.”
The personal information that may have been exposed includes the names of policyholders. In some cases, the company says Social Security numbers, email addresses, and phone numbers may also have been exposed.
In some cases, affected consumers might not be aware of their policy’s connection to Magellan Health since the company provides services to many employer-sponsored health plans. If you have health benefits coverage through an employer, you should ask if you are affected.
Health policies through labor unions may also be connected to Magellan Health. The company also operates Medicaid plans in three states -- Arizona, Florida, and Virginia. It also operates numerous pharmacy benefit plans.
What to do
If you think you may be affected by the data breach, Magellan Health has set up this website with more information and instructions on what to do.
If you determine that your personal information is at risk, it may be wise to request a credit freeze from all three credit reporting agencies. That will restrict access to your credit file, making it harder for identity thieves to open new accounts in your name.
You can freeze and unfreeze your credit file for free. You also can also get a free freeze for your children who are under 16.