Erin L. Nissley reports that personal and medical information for approximately 500 Penn Foster employees was stolen from the home of an unnamed business associate of Blue Cross of Northeastern Pennsylvania. The business associate’s name will be public information when the breach is posted on HHS’s breach tool, but for now, here’s what we know from the Scranton Times Tribune report:
According to Blue Cross spokesman Anthony Matrisciano, a business associate took home reports that contained information on First Priority Life Insurance Company policyholders.
He said he did not have details about what personal information might have been contained on the reports.
Hard copies of the reports and a laptop containing similar information was stolen from the business associate’s home after flooding in the Wilkes-Barre area led to mandatory evacuations on Sept. 9. Mr. Matrisciano said the reports and the laptop were recovered within a few days.
“It did not appear the laptop had been accessed,” Mr. Matrisciano said.
Blue Cross was notified about the theft on Sept. 12 and conducted an internal investigation, Mr. Matrisciano said. Letters to Penn Foster employees went out on Sept. 23; employees affected will be given one year of free credit monitoring, he added.
I’m somewhat surprised that this resulted in a notification if the data were recovered in a few days. I would have thought that the risk of harm assessment would suggest very low risk, but I guess Blue Cross and Penn Foster are erring on the side of caution here. If so, kudos to them.
Read more on Scranton Times Tribune.