Identity Theft Articles

BlueCross BlueShield Data Breach Affects One Million

Personal information of nearly one million BCBS members compromised

A recent update announced by Tennessee's BlueCross BlueShield shows that the number of members affected by the October 2008 data breach has climbed to almost one million, Health Data Management reports.

The theft of 57 hard drives initially left 521,761 members vulnerable to identity theft, as of mid-March. BCBS immediately categorized members into tiers based on the level of risk the theft exposed them to, as well as the amount and significance of the member's personal information that existed on the hard drive. Notification letters to members in all tiers have been mailed. Members in tier one are considered low-risk at having their names, addresses and dates of birth revealed and used for purposes of identity theft. Those in tier two are at medium-risk of having their personal information compromised, including any medical or diagnostic results. Those in tier three, considered high-risk, have also been notified that their personal information, medical records, and social security number may be in jeopardy.

"As of April 2, 2010, a total of 998,422 current and former members have been identified at being at risk," BCBS of Tennessee spokeswoman Mary Thompson told Health Leaders Media.

Each of the members affected by the data breach has been enrolled in identity theft protection programs and will receive credit monitoring services for one year. The data breach has cost BCBS of Tennessee a reported $7 million, according to HDM.

The BCBS data breach is just one in a string of data compromises that have put millions of Americans at risk for identity theft and medical identity theft. Medical identity theft is the fastest growing type of identity theft and poses financial and health dangers to patients whose identities have been stolen. Thieves use their victims' medical records and insurance information to obtain medical services and submit false medical claims.

Those who use a victim's name to receive treatment pose a particular danger to their victim by adding new information to medical records that may interfere with future treatment. For example, a patient who is unaware that their medical records have been changed may undergo a surgery and mistakenly receive the wrong blood type or a medication they are allergic to. The transfer of medical records to an electronic medical database increases an individual's vulnerability to medical identity theft.