Software updates are an all-too-common source of breaches. Here’s another one, this involving Blue Shield of California. From their notification to the California Attorney General’s Office:
As the (unintended) result of a computer code update Blue Shield made to the website on May 9, three users who logged into their own website accounts simultaneously with (at the exact same time as) another user were able to view member information associated with the other user’s website account.
Blue Shield Privacy Office was notified of the problem on May 18. The site was taken offline, and the coding problem was corrected.
The PHI that was exposed to other membes included first and last name, Social Security number, Blue Shield identification number, date of birthm, and home address.
Users who accidentally accessed other members’ information affirmed that they securely deleted the information and did not share it or use it.