Blue Cross Blue Shield Association affirms laptop breach

Share this article:

The Blue Cross Blue Shield Association (BCBSA) is reviewing its security practices after thieves stole an employee's computer that contained an unencrypted file with the personal information of nearly every doctor who accepts the popular health insurance plan.

That amounted to between 800,000 and 850,000 doctors, spokesman Jeff Smokler said. The data on the computer file -- which was stolen out of a parked car in Chicago over the weekend -- included names, addresses, tax ID and physician identifier numbers. In 16 percent of the cases, the tax ID number was a Social Security number.

"We had an employee who did not follow company procedure and removed information from a BCBSA computers and put it on a personal laptop," he said. "They key violation was it was stored on a personal, not BCBSA laptop. But if you were to store it on a BCBSA laptop, it would be fully encrypted and it wouldn't be open to some kind of risk."

Smokler would not say if the employee, who was responsible for data analysis, was fired.

"The employee has been appropriately disciplined and corrective action has been taken," he said. "We're reviewing our policies to make sure we're as tight as we can be because clearly there was a lapse here."

BCBSA, which supports 39 member companies across the country, has pledged to offer one year of free credit monitoring to victims. Officials do not, however, believe the information will be used fraudulently.

"We don't think this was targeted for whose it was or what information it had," Smokler said. "It was a middle-of-the-night car break-in."

Representatives from the American Medical Association plans to meet with BCBSA to discuss the incident, he said. An AMA spokesperson could not be reached for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.