Security Breach Puts 500,000 BlueCross Members' Data at Risk

BCBS of TN had backup files of all stolen data and contracted Kroll, the risk consulting company, when the theft was discovered in October to review files and identify members whose personal information may be at risk. Due to the amount and types of the data involved, it is taking significant time to review each recording. BlueCross is working as quickly as possible to notify all affected members. As of Jan. 7, more than 110,000 hours were logged during this effort to identify members at-risk, the insurer said.

BCBS of TN has customers in 50 states. As of Jan. 8, the insurer had identified 32 states with 500 or more members whose data may be at risk. HHS, the State of Tennessee, and the attorney general's office and media in each state with 500 or more affected members have been notified about the theft, which is required by the Health Information Technology for Economic and Clinical Health Act. BCBS of TN has also placed a notice with all three credit bureaus regarding this theft.

Three levels of risk have been identified for those customers whose information may be at risk. Letters are being mailed to these current and former BlueCross customers explaining the level at which their personal information is at risk. They are being offered a variety of free services to mitigate the potential misuse of personal information.