Tenn. BCBS completes hard drive theft remediation

Blue Cross/Blue Shield (BCBS) of Tennessee announced that it has completed its audit, remediation, and notification process for nearly 1 million of its members whose identification and health information had potentially been compromised after a theft of hard drives from a training center last fall.

The company reported that it was finalizing the mailing of letters to 999,000 current and former subscribers to advise that each member's data are secured, and to inform them of the identity protection and credit monitoring services being provided. The payor has offered prepaid credit monitoring services for 12 months to 239,000 members whose name, Social Security number, date of birth, and address were recorded on the hard drives. Other Blue Cross/Blue Shield members were offered a commercial "theft smart" program free of charge.

To date, no documented incidents of identity theft have occurred, according to an announcement made by Blue Cross on May 18. The remediation program is costing the Chattanooga-based health insurance company more than $7 million, a sum reported by the company in February.

The security breach began on October 2, 2009, when the company discovered that 57 computer hard drives had been stolen from a data closet in offices that were leased as a call center, as Blue Cross completed its relocation of the call center to its corporate campus. The office space was nearly empty, with the exception of computer hard drives containing phone conversations between subscribers and customer service representatives, and display screen captures of customer information. Nearly two years of data were stolen.

Blue Cross/Blue Shield had backup files of all the stolen data and began working with a security company to review files and identify members whose personal information was at risk. More than 110,000 hours had been logged in the remediation effort by January 2010. By mid-May, a total of 1.6 million files had been audited.

By Cynthia Keen
AuntMinnie.com staff writer
May 26, 2010

Related Reading

Computer stolen from Ky. mammo center, April 30, 2010

Readying for the Red Flags rule: It pays to be prepared, May 26, 2009

Health care facilities vigorously enforce patient privacy, August 27, 2007

Copyright © 2010 AuntMinnie.com

Page 1 of 603
Next Page