Thank you for visiting Quikcard’s webpage regarding the recently announced data breach. This webpage provides information for Quikcard’s health spending account clients, cardholders, brokers and health service providers. If you are an individual or dental provider who Alberta Dental Service Corporation (ADSC) serves through various Government of Alberta dental programs, please visit www.adsc.org/cyberincident.
Quikcard takes the security of personal information in our care very seriously. This webpage offers information regarding the recent cybersecurity incident including who was affected, the steps we are taking to bolster the protection of the information in our care and provide recommendations on additional steps affected parties can consider taking to protect their information.
Quikcard Solutions Inc. (“Quikcard”) administers health spending accounts for employers across Canada. We collect various forms of personal and business information from clients (employers), cardholders (employees), brokers and health service providers to facilitate these services.
On July 9, 2023, we discovered that an unauthorized third party gained access to a portion of our IT infrastructure and deployed malware which encrypted certain of our systems and data, rendering them temporarily inaccessible. We immediately deployed countermeasures to secure our network and data from further unauthorized access and engaged third-party cybersecurity experts to assist with containment, remediation and to conduct a forensic investigation into the nature and extent of this incident. Fortunately, we were able to recover the affected systems and data from backups with only minimal data loss.
WHO WAS IMPACTED
Health Services Providers
If you enrolled with Quikcard to receive direct payment for eligible health claims of your patients at any time between January 1, 2010, and July 9, 2023, then the following information may have been compromised: corporate name, corporate bank account, mailing and email address, and your license number.
Quikcard Companies (Employers)
If you set up a Quikcard Health Spending Account for your employees at any time between January 1, 2010, and July 9, 2023, then the following information may have been compromised: corporate name and corporate bank account.
Quikcard Cardholders (Employees)
If your employer enrolled you for a Quikcard Health Spending Account at any time between January 1, 2010, and July 9, 2023, then the following information may have been compromised: name, date of birth, mailing address, and details relating to your health benefits claims.
Additionally, if you provided your banking information to Quikcard to facilitate direct electronic claims payments, then your personal bank account number may have been compromised.
If you enrolled as a Broker to sell Quikcard Health Spending Accounts at any time between January 1, 2007, and July 9, 2023, then the following information may have been compromised: corporate name, corporate bank account number, and corporate email and mailing address.
Quikcard Service Bureau Submitters
If you enrolled directly with Quikcard for its Alberta Health Care electronic claims submission service at any time between July 1, 2022, and July 9, 2023, then the following information may have been compromised: corporate name, corporate email and mailing address, corporate bank account number, and your Alberta Health Care Submitter Number.
WHAT WE ARE DOING
We have also taken steps to ensure that any personal information which was accessed or copied from our systems has been deleted and protected against fraudulent misuse. We have notified all impacted individuals and organizations directly as notices have been sent on August 21, 2023, by either email (where available) or letter mail. Email notifications are sent through firstname.lastname@example.org.
We also have a dedicated call centre to answer your questions about this incident. The call centre number is 1.833.545.2198 and is available Monday through Friday from 8:00am to 8:00pm EST with weekend coverage of 9:00am to 5:00pm EST.
WHAT YOU CAN DO
Remain vigilant – We encourage everyone to remain vigilant regarding threats of identity theft or fraud by engaging in the following best practices:
- If you receive emails, telephone calls or text messages asking for your financial or any other personal information you were not expecting, particularly if they purport to be from Quikcard, please consider such communications to be fraudulent and contact us immediately to verify their authenticity.
- Monitor your bank accounts and credit history to guard against any unauthorized transactions or activity. If you have any doubts or notice any suspicious or potentially fraudulent activity on your credit or debit card, we recommend you contact your financial institution and report the incident to local law enforcement immediately.
- Change online passwords for your financial and other sensitive accounts regularly and make sure they are secure.
- Never respond to unsolicited requests for your financial information and be careful when sharing your personal information unsolicited, whether by phone, email or on a website.
- Avoid clicking on links or downloading attachments in suspicious emails.
The following website offers additional tips and resources to help you protect your identity: https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/
The following website offers information on how to access your credit score: https://www.canada.ca/en/financial-consumer-agency/services/credit-reports-score/order-credit-report.html
On behalf of Quikcard, we apologize for any inconvenience or concern this incident may cause you. We are using this unfortunate incident as an opportunity to evaluate our practices and procedures and to improve upon them wherever possible. Thank you for your patience and understanding.
For further information, access our Cybersecurity Incident FAQs