Security Breach Puts 500,000 BlueCross Members' Data at Risk

The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last October has put at risk the private information of approximately 500,000 customers in at least 32 states, the insurer said this week in an investigation update.

The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009.

The files contained customers' personal data and protected health information that was encoded but not encrypted, including:

• Names and BlueCross ID numbers.


• In some recordings–but not all—diagnostic information, date of birth, and/or a Social Security number. BCBS of TN estimates that the Social Security numbers of approximately 220,000 customers may be at risk.

"Law enforcement agencies working on the investigation of the theft are regularly monitoring activity on Web sites known to participate in illegal identity theft activities, as well as online marketplace and community networks. To date, there is no evidence any member's data has been accessed and used as a result of the theft," BCBS of TN said in a media announcement.