Skip to main content

Highmark Health Cyber Security

ISRM ProgramHighmark Health, its health plan businesses, affiliated businesses and charitable foundations, are committed to protecting your information through our cyber security and privacy practices.

To better serve you, Highmark Health is always working to maintain a thorough security program. This includes continuously educating and training our security professionals to strengthen cyber security skills.

Highmark Health works with the Blue Cross and Blue Shield Association, an association of independent Blue Cross® and Blue Shield® plans, leading cyber security companies and government agencies to stay on top of security issues.

Cybercriminals use a variety of strategies to commit fraud and have begun to shift their approach by targeting consumers directly through sophisticated scams involving fraudulent outreach via mail, text, e-mail, and phone calls. These communications appear to be initiated by Highmark Health plan businesses, but instead are being sent by malicious third parties in hopes of receiving our customers’ personal or health related information.

Remember: Heightened awareness about these tactics is the best defense. Health plan businesses will never ask for private information such as an account number, password, or Social Security number in member communications. To learn more about cyber security and how to protect yourself, please review the frequently asked questions section below.

What is email fraud?

Email fraud, also known as phishing, is an attempt to gain someone's personal, health, or financial information by impersonating a legitimate company.

These unsolicited emails will prompt you to take specific action, i.e., update your account information via a non-legitimate link that is programmed to steal your personal information or money.

The emails may also contain attachments that, once opened, will install malicious software on your computer to steal your information.

View a sample fraud email for more details.

What should I do if I receive a fraudulent email?

  • Do not call phone numbers provided in the email.
  • Do not click on any links provided in the email.
  • Do not open attachments on the email.
  • Do not reply to the email or provide personal, health, or financial information.
  • Delete the email from your inbox.

What is a phone scam?

A phone scam is a call or voice mail message from someone pretending to be from a legitimate company asking for personal information. If in doubt about the legitimacy of the call, it is best to verify the caller by looking up the organization's contact information and calling them back directly to confirm the request.

Remember that Highmark Health will never call after 8 pm or before 9 am and you can always call the number on the back of your insurance card to speak directly with a Highmark representative.

Be aware if the caller:

  • Informs you of a free bonus for buying their product or providing your information
  • Pressures you into sharing information or making a decision
  • Insists on obtaining your credit card information
  • Asks for your Social Security number, Medicare number, or health plan identification
  • Asks if you have Medicare and/or what health plan you use
  • Refers to themselves solely as "Blue Cross," "Blue Shield" or "Blue Cross Blue Shield," as each local company ("Highmark") Blue Cross Blue Shield must provide information that identifies its corporate or trade name in its communications

What should I do if I receive a suspicious phone call?

If you are suspicious of a phone call claiming to be from Highmark Health, do not provide personal information and hang up the phone. Individuals are also encouraged to report malicious or suspect robocalls, telemarketers or phone scams to the following federal agencies:

What is a social media scam?

Social media scams also are prevalent. The scam may appear as a social media site ad. If you click on the ad, malicious software may be installed on your computer to obtain your personal information.

What should I do if I spot a potential social media scam?

Protect yourself from social media scams. Do not download anything to your computer or personal device unless you know it is from a legitimate source and be cautious of any business that uses social media to conduct transactions.

More information