Around 15,000 Medicare advantage members of Blue Cross Blue Shield of Michigan might have affected by a potential data breach. The healthcare and health insurance provider stated that the theft of its employee’s laptop on October 26, 2018, may have compromised the customers’ personal information.
The incident was notified by Blue Cross’s subsidiary company COBX on November 12, 2018. Blue Cross said that while the laptop was encrypted and password-protected, the login details may have been compromised.
“After learning of the theft, we began working with our subsidiary company to promptly change the employee’s access credentials and investigate the issue. To date, we are not aware of any attempted logins to the employee’s laptop since the theft. Although there is no evidence that the laptop contents were accessed, we are notifying just under 15,000 affected Medicare Advantage members in an abundance of caution,” Blue Cross said in a statement.
The access information includes the member’s first name, last name, address, date of birth, enrollee identification number, gender, medication, diagnosis, and provider information. Blue Cross clarified that the Social Security numbers and financial account information were not included in the accessible data.
“Disclosure of protected health information in this way does not meet privacy practices at Blue Cross. Although we believe that the risk of identity theft or financial harm is low in this case, we want to do what we can to alleviate concerns affected members may have,” said Kelly Lange, Blue Cross vice president for enterprise compliance.
“We’re currently working closely with our subsidiary company to review policies and procedures and put additional safeguards in place. At Blue Cross and Blue Care Network, we take the security of our members’ protected health information very seriously and sincerely apologize for this incident,” Lange added.
Blue Cross is notifying the affected members and also providing free identity protection services, which help recover identity theft-related financial losses, restore credit along with fraud alerts, credit monitoring, and identity theft insurance policy, for two years.