Potential Blue Cross data breach may affect 15K
Detroit — Blue Cross Blue Shield of Michigan is informing nearly 15,000 customers about a potential leak of some of their private information, officials said Friday.
Company officials said the notification is a precaution and there is no evidence any of the information has been accessed by an unauthorized person.
The less than 15,000 who may be affected have one of Blue Cross' Medicare Advantage health insurance plans, according to the company.
“We’re currently working closely with our subsidiary company to review policies and procedures and put additional safeguards in place,” Kelly Lange, Blue Cross' vice president for enterprise compliance, said in a statement. “At Blue Cross and Blue Care Network, we take the security of our members’ protected health information very seriously and sincerely apologize for this incident.”
Officials said the information was on a laptop used by an employee of a vendor contracted by a Blue Cross Blue Shield subsidiary that was stolen.
Social Security numbers and financial account information were not on the laptop computer, they said.
The members' information that may have been potentially accessible includes their first and last names, their addresses, birth dates, enrollee identification numbers, genders, medications, diagnoses and provider information.
The device was stolen on Oct. 26 and Blue Cross officials were notified about the theft on Nov. 12, according to officials. It was encrypted and password-protected, but the user's access credentials may have been compromised, the company said.
The user's credentials were changed promptly and officials are investigating the issue.
Blue Cross is offering affected members AllClear ID identity protection services at no cost for 24 months.
“Disclosure of protected health information in this way does not meet privacy practices at Blue Cross," Lange said. "Although we believe that the risk of identity theft or financial harm is low in this case, we want to do what we can to alleviate concerns affected members may have.”