Blue Cross Blue Shield Association affirms laptop breach

Share this article:

The Blue Cross Blue Shield Association (BCBSA) is reviewing its security practices after thieves stole an employee's computer that contained an unencrypted file with the personal information of nearly every doctor who accepts the popular health insurance plan.

That amounted to between 800,000 and 850,000 doctors, spokesman Jeff Smokler said. The data on the computer file -- which was stolen out of a parked car in Chicago over the weekend -- included names, addresses, tax ID and physician identifier numbers. In 16 percent of the cases, the tax ID number was a Social Security number.

"We had an employee who did not follow company procedure and removed information from a BCBSA computers and put it on a personal laptop," he said. "They key violation was it was stored on a personal, not BCBSA laptop. But if you were to store it on a BCBSA laptop, it would be fully encrypted and it wouldn't be open to some kind of risk."

Smokler would not say if the employee, who was responsible for data analysis, was fired.

"The employee has been appropriately disciplined and corrective action has been taken," he said. "We're reviewing our policies to make sure we're as tight as we can be because clearly there was a lapse here."

BCBSA, which supports 39 member companies across the country, has pledged to offer one year of free credit monitoring to victims. Officials do not, however, believe the information will be used fraudulently.

"We don't think this was targeted for whose it was or what information it had," Smokler said. "It was a middle-of-the-night car break-in."

Representatives from the American Medical Association plans to meet with BCBSA to discuss the incident, he said. An AMA spokesperson could not be reached for comment.

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.