Remember the BlueCross breach in Chattanooga from October? First it was 57 hard drives, then 68, then 3, then 1, depending on which report you read. Now it’s 57 again, it seems. Today, BlueCross issued a breach notification on its web site, as required by the new HITECH Act:
Required Substitute HITECH Act Notice Regarding BlueCross Hard Drive Theft
Editor’s Note: BlueCross BlueShield of Tennessee has issued this press release as required by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5) and its implementing regulations.
CHATTANOOGA, Tenn. — On Monday, Oct. 5, 2009 at 10 a.m., BlueCross BlueShield of Tennessee, Inc. employees discovered a theft of computer equipment at a network closet located in its former Eastgate Town Center office location in Chattanooga, Tenn. The theft occurred Friday, Oct. 2, 2009 at approximately 6:13 p.m. BlueCross has established that the items taken include 57 hard drives containing data that was encoded but not encrypted.
The hard drives were part of a system that recorded and stored audio and video recordings of coordination of care and eligibility telephone calls from providers and members to BlueCross’ former Eastgate call center located in Chattanooga. The hard drives that were stolen contained data that included protected health information data of some members of the health plan. This data included member names and identification numbers and, on some but not all recordings, a diagnosis/diagnosis code, date of birth and/or a Social Security number.
BlueCross immediately investigated the breach and strengthened the existing security measures at the Eastgate Town Center where space was being leased. BlueCross is obtaining an independent assessment of system-wide data and facility security.
BlueCross has placed information on its Web site www.bcbst.com to provide its members information about this theft. The information includes the link to the Federal Trade Commission Web site, www.ftc.gov, where members can find information on steps they can take to protect against identity theft. Members can contact the BlueCross Eastgate Response Customer Call Center at 1-888-422-2786 to find out more information.
The back-up data of the stolen hard drives were restored and an exhaustive inventory of all data included on the drives is being conducted by BlueCross and Kroll Inc., a global leader in data security. BlueCross is in the process of sending rolling written notification to members as soon as they are identified as being affected by the data theft. The notification letters, which will be mailed to current and former BlueCross members, will specify the particular call center number that members should call. For any members whose Social Security number is identified at risk, credit monitoring services will be provided free of charge – which also includes up to a million dollars in identity theft insurance.
BlueCross has also engaged the services of Kroll to carry out the member notifications and provide its Enhanced Identity Theft Consultation and Restoration Services. Kroll’s Licensed Investigators are available to answer any questions or identity theft concerns. In addition, in the unlikely event a member sustained identity theft as a result of this incident, BlueCross would also provide Identity Theft Restoration service through Kroll.
BlueCross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee. BlueCross has also placed a notice with all three credit bureaus regarding this theft.
If a member receives a notification letter, the member will then be directed to call one of the numbers below:
• BlueCross Eastgate Response Customer Call Center
1-888-422-2786 / 1-866-779-0487
• Members whose Social Security number has been at risk
1-866-599-7347
For up-to-date information related to the Eastgate theft visit the BlueCross Web site at www.bcbst.com.
About BlueCross
BlueCross BlueShield of Tennessee is the state’s oldest and largest not-for-profit health plan, serving nearly 3 million Tennesseans. Founded in 1945, the Chattanooga-based company is focused on financing affordable health care coverage and providing peace of mind for all Tennesseans. BlueCross serves its members by delivering quality health care products, services and information. BlueCross BlueShield of Tennessee Inc. is an independent licensee of BlueCross BlueShield Association. For more information, visit the company’s Web site at www.bcbst.com.
Update: BCBS’s notification to Maryland is now available online.
The only thing that makes this story entertaining is the arrogance that permeates BCBS.
D. Kellus Pruitt DDS