Boise, Idaho (April 12, 2019) – Blue Cross of Idaho Health Service, Inc. (“Blue Cross of Idaho”) is providing notice to certain members of a recent incident involving protected health information (“PHI”) which qualifies as privacy breach.
On March 21, 2019, an unauthorized user accessed Blue Cross of Idaho’s online provider portal with the intent of fraudulently rerouting a provider financial transaction. Blue Cross of Idaho stopped the attempted financial fraud and secured the portal. On March 22, 2019, Blue Cross of Idaho determined the unauthorized user was able to access provider remittance documents, which contained PHI.
The information the unauthorized user had access to includes member names, enrollee/subscriber number, date of service, healthcare provider name, the provider’s patient account number, claim number, claims payment information and procedure code. The information did not include any member’s Social Security number, driver’s license number, banking or credit card numbers or information about medical diagnoses.
Blue Cross of Idaho reported the incident to the Federal Bureau of Investigation (FBI), which opened an active investigation. Blue Cross of Idaho has also engaged internal and external cybersecurity and financial experts to review the provider portal and associated financial transactions. Based on the results of the investigation, Blue Cross of Idaho believes that the attacker was able to access information for approximately 1 percent of its overall membership.
Blue Cross of Idaho is cooperating fully with the FBI investigation and is continuing to review its provider portal and online security to ensure its members’ data is safe.
Blue Cross of Idaho is not aware of any improper use, or attempted use, of this information, but is actively taking steps to protect its members. In the next seven to 10 business days, most members will receive a new member ID card with a new member number. Any member that experiences problems using their benefits before receiving their new card is encouraged to call Blue Cross of Idaho’s Customer Service Department at 986-224-4154 or toll free at 833-623-7995.
To help protect our members’ identities, Blue Cross of Idaho is offering a complimentary three-year membership for credit monitoring and identity theft restoration services. Each affected member is receiving a personal notification letter with instructions on how to enroll in this service.
Blue Cross of Idaho recommends that all impacted members review their Explanation of Benefits (EOB) statements. If any member finds healthcare services listed on their EOB that they did not receive, they are strongly encouraged to contact Blue Cross of Idaho immediately.
While the provider remittance documents did not include any member’s bank account or credit card information, Blue Cross of Idaho still recommends that members remain vigilant to the possibility of fraud and identity theft by reviewing their bank, credit card and other financial statements for any unauthorized activity. Members should contact their bank directly if they would like to place an alert on their bank account or change their bank account number.
Blue Cross of Idaho takes this incident seriously and has taken multiple actions in response. Blue Cross of Idaho removed the unauthorized user’s access to the provider portal as soon as it was discovered. Blue Cross of Idaho reported the incident to the FBI and is cooperating fully with the investigation. Blue Cross of Idaho has also engaged both internal and external cybersecurity experts to review the incident. Blue Cross of Idaho is reviewing its financial accounts and provider portal to ensure that only legitimate transactions are occurring.
Blue Cross of Idaho is committed to making continuous improvements to its provider portal and online security based on the results of this investigation and best practices used across the industry.
If any member has questions or needs additional information, they can call the Blue Cross of Idaho Customer Service Department at 986-224-4154 or toll free at 833-623-7995.
Source: BLUE CROSS OF IDAHO