Friday, January 22, 2016

Security Breach Exposes Info of Blue Shield of California Members

Insurer's IT systems not hit in incident that affected 21K customers
Blue Shield of California has experienced a security breach that exposed the personal information of nearly 21,000 customers last year, the Orange County Register reports.

No data systems at the insurer were affected, according to a letter sent to members; rather, the unauthorized access between September and December 2015 occurred because of misuse of Blue Shield customer service representatives' log-in information. The compromised information could include names, addresses, dates of birth and Social Security numbers, the insurer says.
"We take this issue seriously and regret the concern it may cause," Blue Shield tells members in its letter. "We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information." It also is offering affected customers a one-year membership in a credit-tracking service.

The insurer is just the latest Blues company to experience a breach, following in the footsteps of Premera Blue CrossExcellus BlueCross BlueShieldCareFirstand Anthem--which faced a cyberattack that exposed 80 million members' data. Officials familiar with the Anthem breach have said they believe Chinese hackers may have targeted the insurer in order to learn more about the U.S. healthcare system.

In the wake of those cyberattacks, the national Blue Cross Blue Shield Associationannounced in July that it will offer free identity protection services to its 106 million member starting Jan. 1 of this year. Yet concerns remain about how the industry is responding to cybersecurity threats, as a readiness exercise conducted in December showed that some insurers' response plans still come up short when put to the test.  

The recently passed Cybersecurity Information Sharing Act seeks to improve cybersecurity threat preparedness in both the government and private sector, but at least one expert believes it "creates a framework that provides few, if any, privacy and security benefits to the general public," FierceHealthIT has reported.
To learn more:
- here's the Orange County Register report
- view the letter to Blue Shield members

Thank You Ms Small and FH.

No comments: