LITTLE ROCK, Ark – After one of its vendors was the victim of a cyberattack, Arkansas Blue Cross and Blue Shield is assuring members that steps are being taken to protect any personal information which may have been exposed.

Blue Cross included members of its Health Advantage affiliate in announcing who may have been affected by the cyberattack. Arkansas Blue Cross and Blue Shield along with Health Advantage represents approximately 1,430 members who may have been affected by the breach.

The cyberattack occurred at OneTouchPoint, Inc. a printing/mailing vendor for Matrix Medical Network, which provided member services for Arkansas Blue Cross and Health Advantage. OneTouchPoint had members’ personal information in their computer files, which may have been exposed in the cyberattack.

Arkansas Blue Cross and Blue Shield stressed that the attack did not involve its, or Health Advantage’s, computers or records. Member social security numbers were not in the file system involved in the cyberattack, which accessed affected member names, addresses, birth dates, healthcare provider names, and medical information, the company stated.

“Protecting personal information is a top priority for us, and we take this issue very seriously,” Kathy Ryan, executive vice president and chief operating officer for Arkansas Blue Cross said. “We regret the concern it may cause our affected members, and we’re making a broad range of services available today to help protect their information.”

Letters are being sent to members possibly impacted by the cyberattack, which will provide instructions on how to sign up for 12 months of free identity detection and resolution of identity theft and credit monitoring services.

Management at OneTouchPoint said the company is continuing to investigate this matter with the help of an unnamed third-party forensic specialist to determine the nature and scope of the attack. So far, no unauthorized use of possibly stolen information has been reported.

Currently, neither OneTouchPoint nor Matrix is doing any work or services for Arkansas Blue Cross and Blue Shield or Health Advantage.

In a statement, Blue Cross and Blue Shield and Health Advantage stated it was acting with “an abundance of caution to protect members.”

“Although this was an incident that occurred at another company and we played no role in it, we regret that member personal information may have been exposed by it, and we are working to help manage this process in their best interests,” Ryan said. “We recognize this issue can be frustrating and we are taking steps to get to the bottom of the incident and provide members with peace of mind through this process, in part with free credit monitoring and identity theft protection.”