Confirmation of Blue Cross Blue Shield Breach

October 15, 2009 – 7:28 pm

by Doug Pollack

The Blue Cross Blue Shield Association (BCBSA) has affirmed that it has experienced a data breach incident affecting over 800,000 doctors in the US. According to Jeff Smokler at BCBSA, as reported in SC Magazine, thieves stole an employee’s computer that contained an unencrypted file with the personal information of nearly every doctor who accepts this popular health insurance plan.

“We had an employee who did not follow company procedure and removed information from a BCBSA computers and put it on a personal laptop,” Smokler said.

While the national BCBSA is offering a year of free credit monitoring to those affected by the breach, they appear to be working closely with the state BCBS affiliates in order to notify doctors of the incident. In Massachusetts, this notification occurred on October 2nd, as reported in a Boston Globe article.

A majority of US states have formal breach notification laws that require notification by letter to affected members of a breach population. There is also now a requirement to follow the HITECH Act notification rules, although it is unclear whether this particular incident would trigger them, due to the somewhat ambiguous “harm threshold” that is written into the interim Rules published by the Department of Health and Human Services.
