DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Blue Cross Blue Shield of Florida notifies almost 7,400 members that their EOBs were sent to wrong addresses

Posted on March 6, 2011 by Dissent

A press release issued by Blue Cross Blue Shield of Florida, seen on SacBee:

In late January 2011, Blue Cross and Blue Shield of Florida (BCBSF) discovered that, because of a system error, it had inadvertently mailed some member health information to incorrect addresses. BCBSF regrets that this error occurred. BCBSF fixed the issue the same day it was discovered and current addresses are now in place for all of these members. BCBSF has evaluated its systems and made the appropriate changes to prevent this error from reoccurring.

The company recently converted to a new source of customer mailing address information. This new system tracks both prior and current member mailing addresses. During the system conversion, a limited number of old customer mailing addresses were inadvertently identified as the current addresses. Fewer than 7,400 members (out of nearly 4 million members) were impacted when their information was mailed to a former mailing address during the three month period since the system conversion. The mail sent to the former addresses included explanation of benefit forms. No social security numbers, date of birth or other financial information were included on the information sent to the incorrect addresses.

BCBSF has taken the appropriate steps to rectify this situation and has contacted the affected members. Members who think they may have been affected by this incident and who have not received any notification from the company should call this dedicated customer service number: 1-877-526-1013.

[…]

Okay, BCBSFL is certainly not the first insurer to report a mailing gaffe, and I understand why they issued the press release as this is a reportable breach under HITECH. Somewhat surprisingly, though, I do not see any notice prominently linked from their home page. Although such notice is not required if other methods of notification are used, it’s becoming pretty common for entities to post the breach notice on their web site with a prominent link to it on the home page.

Blue Cross Blue Shield of Florida was recently mentioned in another breach involving improper disposal of records. In that breach, which involved less than 500 applicants, BCBSFL did not issue any press release. Indeed, they didn’t even respond to my inquiry about whether they were in possession of the applications or if the discarded applications were still in the hands of the individual who had found them in a dumpster. If anyone has any additional details on that one, please post them or email me.

[headline corrected to reflect mis-mailing to wrong addresses]

Related posts:

  • Mailing and printing vendor issues breach notice on behalf of more than three dozen health plans
Category: Health Data

Post navigation

← MetLife fined and ordered to provide credit monitoring to consumers after breach
Hard drive from Alaska Dept. of Education with 89,519 students’ information stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hunters International to provide free decryptors for all victims as they shut down (1)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.