DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Blue Cross of Idaho Notice of Privacy Breach

Posted on April 12, 2019 by Dissent

Boise, Idaho (April 12, 2019) – Blue Cross of Idaho Health Service, Inc. (“Blue Cross of Idaho”) is providing notice to certain members of a recent incident involving protected health information (“PHI”) which qualifies as privacy breach.

On March 21, 2019, an unauthorized user accessed Blue Cross of Idaho’s online provider portal with the intent of fraudulently rerouting a provider financial transaction. Blue Cross of Idaho stopped the attempted financial fraud and secured the portal. On March 22, 2019, Blue Cross of Idaho determined the unauthorized user was able to access provider remittance documents, which contained PHI.

The information the unauthorized user had access to includes member names, enrollee/subscriber number, date of service, healthcare provider name, the provider’s patient account number, claim number, claims payment information and procedure code. The information did not include any member’s Social Security number, driver’s license number, banking or credit card numbers or information about medical diagnoses.

Blue Cross of Idaho reported the incident to the Federal Bureau of Investigation (FBI), which opened an active investigation. Blue Cross of Idaho has also engaged internal and external cybersecurity and financial experts to review the provider portal and associated financial transactions. Based on the results of the investigation, Blue Cross of Idaho believes that the attacker was able to access information for approximately 1 percent of its overall membership.

Blue Cross of Idaho is cooperating fully with the FBI investigation and is continuing to review its provider portal and online security to ensure its members’ data is safe.

Blue Cross of Idaho is not aware of any improper use, or attempted use, of this information, but is actively taking steps to protect its members. In the next seven to 10 business days, most members will receive a new member ID card with a new member number. Any member that experiences problems using their benefits before receiving their new card is encouraged to call Blue Cross of Idaho’s Customer Service Department at 986-224-4154 or toll free at 833-623-7995.

To help protect our members’ identities, Blue Cross of Idaho is offering a complimentary three-year membership for credit monitoring and identity theft restoration services. Each affected member is receiving a personal notification letter with instructions on how to enroll in this service.

Blue Cross of Idaho recommends that all impacted members review their Explanation of Benefits (EOB) statements. If any member finds healthcare services listed on their EOB that they did not receive, they are strongly encouraged to contact Blue Cross of Idaho immediately.

While the provider remittance documents did not include any member’s bank account or credit card information, Blue Cross of Idaho still recommends that members remain vigilant to the possibility of fraud and identity theft by reviewing their bank, credit card and other financial statements for any unauthorized activity. Members should contact their bank directly if they would like to place an alert on their bank account or change their bank account number.

Blue Cross of Idaho takes this incident seriously and has taken multiple actions in response. Blue Cross of Idaho removed the unauthorized user’s access to the provider portal as soon as it was discovered. Blue Cross of Idaho reported the incident to the FBI and is cooperating fully with the investigation. Blue Cross of Idaho has also engaged both internal and external cybersecurity experts to review the incident. Blue Cross of Idaho is reviewing its financial accounts and provider portal to ensure that only legitimate transactions are occurring.

Blue Cross of Idaho is committed to making continuous improvements to its provider portal and online security based on the results of this investigation and best practices used across the industry.

If any member has questions or needs additional information, they can call the Blue Cross of Idaho Customer Service Department at 986-224-4154 or toll free at 833-623-7995.

Source: BLUE CROSS OF IDAHO

Category: HackHealth DataU.S.

Post navigation

← UT fired counselor accused of disclosing student’s PTSD
Questcare Medical Services notifies North Texas patients of data security breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.