BlueCross BlueShield of Tennessee has announced that a recent security breach might have compromised the personal and health data of about 500,000 members, HealthLeaders Media reports.
The insurer reported that 57 hard drives were stolen from a training facility in October 2009. The hard drives contained 1.3 million audio files of recorded phone conversations with members and health care providers. They also contained video files of customer service representatives.
The audio files contained members' names and information such as:
- BCBS identification numbers;
- Birth dates; and
- Diagnostic information.
In addition, BCBS estimated that the files contained the Social Security numbers of about 220,000 members.
The insurer said the information on the drives was encoded but not encrypted. The company said it has not encountered any evidence that the missing data have been accessed or misused (Commins, HealthLeaders Media, 1/14).
Notifying the Public
BCBS said it has sent letters informing about 157,000 members about the data breach. The company said it would offer credit monitoring services to affected members (Crisp, Chattanooga Times Free Press, 1/13).
The company also announced that it has sent notices about the breach to:
- HHS;
- Media outlets in states with 500 or more affected members;
- Tennessee state officials; and
- The Tennessee attorney general's office.
The health IT provisions of the 2009 federal economic stimulus package requires organizations to notify such parties about health data breaches (HealthLeaders Media, 1/14).