State insurance officials say they are investigating a data breach involving two subcontractors of Highmark BlueCross BlueShield of Delaware.
Officials announced in a statement Friday that the data breach involves Summit Reinsurance Services and BCS Financial Corporation and affects about 19,000 Delawareans with employer-paid plans.
Summit said in a notice sent to customers this month that it discovered in August, five months ago, that ransomware had infected a server containing certain personal information, including names, Social Security numbers, health insurance information and claim-related medical records.
Summit said it appears that unauthorized access to the server first occurred on March 12, 2016.
Officials say Highmark, which covers the vast majority of Delawareans who have signed up for coverage under the Affordable Care Act, is cooperating with the investigation.