Julie M. Donnelly reports:
Blue Cross Blue Shield of Massachusetts has disclosed that a contracted vendor compromised an employee’s data at the state’s largest health insurer. The health plan said its cyber-security systems were not breached, no medical information was involved,and no health plan members’ personal information was compromised.
The health plan issued a statement that read in part:
“Upon discovering this incident, we took immediate action to protect our current and former employees’ information and we have referred the matter to the Massachusetts Attorney General’s Office. We are treating this matter very seriously and regret any inconvenience or concerns this may have caused our employees.
Read more on Boston BusinessJournal. Note that they only have evidence that one employee’s data were misused.
Robert Weisman of the Boston Globe provides additional details, but neither report names the vendor. Why would BCBS-MA shield that info and take the reputation hit themselves instead of where it more properly lies?