Blue Cross reports about possible data breaches to nearly 15,000 customers
- The information includes first and last names, addresses, date of birth, identification numbers, genders and more customer details.
- No social security numbers and details of the financial account were affected in the violation.
Blue Cross Blue Shield of Michigan has suffered a potential data breach that could lead to the exposure of nearly 15,000 customers ‘ personal data. The violation occurred in late October 2018 following the stolen of a laptop belonging to an employee of a vendor contracted by a subsidiary of Blue Shield, COBX Co.
Information type compromised
The device was stolen on 26 October and the robbery was reported to Blue Cross officials on 12 November. The company said that hackers could have obtained credentials from the employee beforehand to steal the data.
The information affected includes first and last names, addresses, date of birth, identification numbers, genders, medications, diagnoses and customer insurance information.
Since they were not stored on the laptop, however, no social security numbers and financial account details were concerned.
The Blue Cross problem was addressed quickly to take remedial measures to prevent further damage. It quickly changed the credentials of the employee. In addition, it works to improve the security of its systems. It also informed the affected customers via email of the breach.”
We are working closely with our subsidiary to review policies and procedures and introduce further safeguards.
At the Blue Cross and Blue Care Network, we take the safety of health information protected by our members very seriously and sincerely apologize for this incident, “said Kelly Lange, Vice President of Blue Cross in a statement, reported Detroit News.
The company also provides free identity protection services to all concerned members for a period of one year as part of the precautionary measure.
It should be noted that 16,000 Blue Cross patients were exposed in another incident this year due to an employee error. Such incidents remind healthcare companies to use stronger cybersecurity measures and train their employees to adhere to the best safety labels.