Blue Cross and Blue Shield of Rhode Island (BCBSRI) is blaming a vendor for a breach that compromised the personal health information of 1,567 people and Philadelphia-based Insurer Independence Blue Cross was breached in a separate incident.

The unnamed vendor reportedly sent the member benefits explanations, also known as health-care services summaries, to the wrong BCBSRI member in the same household or on the same family policy, according to the Providence Journal.

After analyzing 80,000 health-related websites, a University of Pennsylvania doctoral researcher found that 90 percent shared user data with third-party advertisers and data brokers. Read more

The mistake stemmed from Blue Cross’ use of a vendor “to combine healthcare service summaries for some members who were covered on the same policy in an effort to reduce the number of summaries members received. In mid-July, BCBSRI learned that in some instances, the summaries were being combined incorrectly by the vendor, resulting in summaries being sent to the wrong family member or other person covered on their family policy,” the report said.

The firm emphasized that no information was disclosed to anyone other than a family member or a person covered on the same family policy. Those who are affected will receive a notification by mail and are encouraged to call 1-800-639-2227 if they have any questions.

Separately, Independence Blue Cross is reporting a data breach which affected nearly 17,000 people after an employee uploaded member information to a public website.

Names, birth dates, and diagnostic codes were exposed, according to Fox 29 News, and those who were affected will be receiving 24 months of free credit monitoring services. The company said “appropriate action” has been taken against the employee responsible for uploading the file.