DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

BCBS of TN issues breach notification for stolen hard drive

Posted on December 4, 2009 by Dissent

Remember the BlueCross breach in Chattanooga from October. First it was 57 hard drives, then 68, then 3, then 1, depending on which report you read. Now it’s 57 again, it seems. Today, Blue Cross issued a breach notification on its web site, as required by the new HITECH Act:

Required Substitute HITECH Act Notice Regarding BlueCross Hard Drive Theft

Editor’s Note: BlueCross BlueShield of Tennessee has issued this press release as required by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5) and its implementing regulations.

CHATTANOOGA, Tenn. — On Monday, Oct. 5, 2009 at 10 a.m., BlueCross BlueShield of Tennessee, Inc. employees discovered a theft of computer equipment at a network closet located in its former Eastgate Town Center office location in Chattanooga, Tenn. The theft occurred Friday, Oct. 2, 2009 at approximately 6:13 p.m. BlueCross has established that the items taken include 57 hard drives containing data that was encoded but not encrypted.

The hard drives were part of a system that recorded and stored audio and video recordings of coordination of care and eligibility telephone calls from providers and members to BlueCross’ former Eastgate call center located in Chattanooga. The hard drives that were stolen contained data that included protected health information data of some members of the health plan. This data included member names and identification numbers and, on some but not all recordings, a diagnosis/diagnosis code, date of birth and/or a Social Security number.

BlueCross immediately investigated the breach and strengthened the existing security measures at the Eastgate Town Center where space was being leased. BlueCross is obtaining an independent assessment of system-wide data and facility security.

BlueCross has placed information on its Web site www.bcbst.com to provide its members information about this theft. The information includes the link to the Federal Trade Commission Web site, www.ftc.gov, where members can find information on steps they can take to protect against identity theft. Members can contact the BlueCross Eastgate Response Customer Call Center at 1-888-422-2786 to find out more information.

The back-up data of the stolen hard drives were restored and an exhaustive inventory of all data included on the drives is being conducted by BlueCross and Kroll Inc., a global leader in data security. BlueCross is in the process of sending rolling written notification to members as soon as they are identified as being affected by the data theft. The notification letters, which will be mailed to current and former BlueCross members, will specify the particular call center number that members should call. For any members whose Social Security number is identified at risk, credit monitoring services will be provided free of charge – which also includes up to a million dollars in identity theft insurance.

BlueCross has also engaged the services of Kroll to carry out the member notifications and provide its Enhanced Identity Theft Consultation and Restoration Services. Kroll’s Licensed Investigators are available to answer any questions or identity theft concerns. In addition, in the unlikely event a member sustained identity theft as a result of this incident, BlueCross would also provide Identity Theft Restoration service through Kroll.

BlueCross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee. BlueCross has also placed a notice with all three credit bureaus regarding this theft.

If a member receives a notification letter, the member will then be directed to call one of the numbers below:

• BlueCross Eastgate Response Customer Call Center

1-888-422-2786 / 1-866-779-0487

• Members whose Social Security number has been at risk

1-866-599-7347

• [email protected]

For up-to-date information related to the Eastgate theft visit the BlueCross Web site at www.bcbst.com.

About BlueCross

BlueCross BlueShield of Tennessee is the state’s oldest and largest not-for-profit health plan, serving nearly 3 million Tennesseans. Founded in 1945, the Chattanooga-based company is focused on financing affordable health care coverage and providing peace of mind for all Tennesseans. BlueCross serves its members by delivering quality health care products, services and information. BlueCross BlueShield of Tennessee Inc. is an independent licensee of BlueCross BlueShield Association. For more information, visit the company’s Web site at www.bcbst.com.

No related posts.

Category: Health Data

Post navigation

← EIU warns of student data security breach (updated)
Security breach compromises information on 1,400 District 86 grads →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.