How many victims? Approximately 39,000 individuals have been notified though the actual scope of the breach is unknown.
What type of personal information? Personal information including tax identification numbers, which for some, are the same as their Social Security number.
What happened? The laptop, which contained a database with sensitive information about physicians nationwide, was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago.
Details: It is Blue Cross’ policy to encrypt all information on company computers, Jeff Smokler, national Blue Cross-Blue Shield spokesman told Boston.com. An employee who was authorized to have the information violated company rules, however, by downloading an unencrypted version of the database onto a personal laptop. The laptop was stolen after the employee left headquarters with it.
The breach might affect Massachusetts physicians and other providers the worst because they typically use their Social Security numbers as their tax identification numbers -- which was part of the information breached.
Quote: “It took some time to figure out what type of data was on the laptop,’’ Tara Murray, Blue Cross and Blue Shield of Massachusetts spokeswoman told Boston.com. “There is no reason to be believe the data has been used to steal people’s identity, but we are just being cautious . . . to notify them and offering free credit monitoring.’’
What was the response? Blue Cross will review its security procedures and make it a priority to persuade state physicians and other health care providers to apply for a new tax ID number that is different from their Social Security number. In addition, additional encryption will be implemented.
Source: Boston.com, “Blue Cross physicians warned of data breach,” Oct. 3, 2009.