Emil Berry reports on a recent breach that was originally described as affecting “tens of thousands” of people. Now it appears that the breach was much bigger:
A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.
The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors, Jeff Smokler, spokesman for the Chicago-based Blues association, said Oct. 6. That number represents every physician who is part of the BlueCard network, which allows Blues members to access networks in other states, Smokler said.
Some 16% to 22% of those physicians listed — as many as 187,000 — used their Social Security numbers as a tax ID or NPI number, Smokler said.
[…]
An unidentified employee downloaded the unencrypted file onto his personal computer to work on it at home, a practice that is against company policy, he said.
Read more on amednews.com