Approximately one year after the theft of 57 hard drives containing member data from a leased facility in Chattanooga, BlueCross Blue Shield of Tennessee provided an update on the breach to the New Hampshire Attorney General’s Office.
BCBS had assigned the affected individuals to one of three “tiers.” Tier 1 included those whose Social Security Numbers were involved, Tier 2 included those who had no SSN but who had diagnostic or health information as well as other personal information, and Tier 3 included those who had some forms of personally identifiable information but no SSN and no health information.
According to their letter dated October 15, the total number of individuals affected was 1,023,209. Of those, 451, 274 individuals were Tier 1, while 319,325 were Tier 2, and 239,730 were Tier 3.
To date, BCBS has received less than 10 requests for credit restoration services from individuals in Tier 1, and does not believe that those 10 cases were due to the breach although they approved and paid for the credit restoration services.
The company says that it will continue to monitor for potential harm to its members and to cooperate with law enforcement in investigating the theft but has, by now, notified everyone whose identity could reasonably be determined from the drives.
Previous coverage of this breach on PHIprivacy.net can be found here.