The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last fall has put at risk the private information of nearly one million customers in least 32 states, the insurer said this week in an investigative update.
So far, there has been no documented identity theft or credit fraud affecting BlueCross members as a result of this incident, BCBS of Tennessee said in a media release.
"As of April 2, 2010, a total of 998,422 current and former members have been identified at being at risk," said BCBS of Tennessee spokeswoman Mary Thompson, adding that the total figure includes 447,549 current and former members identified in the lowest-risk Tier 1 category.
"These newly-identified members in Tier 1 began receiving their notification letters the week of April 5. To date, a total of 550,873 notifications have been sent to members indicating that their personal information was included on the stolen hard drives," Thompson said.
The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009. The files contained customers' personal data and protected health information that was encoded but not encrypted.
So far, notices have been sent to all 238,589 members in the Tier 3 category, who had their name, address, BlueCross member ID number, diagnosis, Social Security number, and/or date of birth included in the stolen hard drives.
Additionally, 312,284 current and former members have been identified in the Tier 2 category, which includes name, address, BlueCross member ID number, date of birth, and/or diagnosis. So far, 146,612 Tier 2 members have received notifications.
The number of members reported in the Tier 2 category is larger because of BlueCross' decision to offer remediation services to all family members associated with the specific subscriber ID number identified during the data audit process. This decision was made to ensure all potentially at-risk members are protected.
So far, 24,780 members have contacted Equifax to begin a free credit monitoring service offered to members in Tier 3. Another 2,512 members have started LifeLock services for minors in Tier 3. All 998,422 members and former members have been enrolled in the Kroll ID Theft Smart program.
John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.