Health Information Management

Security breach puts 500,000 BlueCross members’ data at risk

HIM-HIPAA Insider, January 18, 2010

The theft of 57 hard drives from a BlueCross BlueShield of Memphis, TN, training facility last October has put at risk the private information of approximately 500,000 customers in at least 32 states, the insurer said last week in an investigation update.

The hard drives were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The drives contained 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members.

The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009.

The files contained customers' personal data and protected health information that was encoded but not encrypted, including:

  • Names and BlueCross ID numbers.
  • In some recordings–but not all—diagnostic information, date of birth, and/or  Social Security number. BCBS of TN estimates that the Social Security numbers of approximately 220,000 customers may be at risk.

Read the full story by John Commins of HealthLeaders Media.

Most Popular