The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last fall has put at risk the private information of approximately 521,761 customers in at least 32 states, the insurer said this week in an investigative update.
Of those customers identified as being at risk, 220,133 have received notices that their personal information was included on the stolen hard drives, BCBS of Tennessee said in a media release.
The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009. The files contained customers' personal data and protected health information that was encoded but not encrypted.
The 220,133 members notified are in the so-called Tier 3 category, confirmed as having their name, address, BlueCross member ID number, diagnosis, Social Security number, and/or date of birth included in the stolen hard drives. Notifications have been sent to all identified Tier 3 members.
Additionally, 301,628 current and former members have been identified in the Tier 2 category. Members in the Tier 2 category of personal information (name, address, BlueCross member ID number, date of birth, and/or diagnosis) will begin to receive their notifications with details of the hard drive theft and remediation services offered to them in mid-February, the insurer said.
The number of members reported in the Tier 2 category is larger because of BlueCross' decision to offer remediation services to all family members associated with the specific subscriber ID number identified during the data audit process. This decision was made to ensure all potentially at-risk members are protected.
To illustrate this point, 131,909 subscriber ID numbers were identified during the review of the customer service calls and there were 169,719 family members associated with the member ID numbers. Each of these 131,909 subscribers will receive a Tier 2 letter that extends the offer of remediation to all family members.
As of Feb. 5, there have been no reports of identity theft or credit fraud of BlueCross members as a result of the theft, the insurer said.
John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.