[BreachExchange] Horizon says privacy breach could affect up to 170K N.J. customers

Tue Nov 15 19:53:16 EST 2016

http://www.nj.com/healthfit/index.ssf/2016/11/horizon_
alerts_170k_customers_to_possible_privacy.html

Some benefit letters mailed to as many as 170,000 Horizon Blue Cross Blue
Shield of New Jersey customers over a recent three-day period included the
names, policy numbers and the physician information of other policy holders
— a privacy breach created by a printing error, the insurance company
announced Monday.

Horizon pledged to monitor the accounts of affected policy holders for
fraudulent activity, according to a statement from the insurance company's
printing vendor that made the error, Command Marketing Innovations of
Garfield.

Command Marketing referred questions to Horizon.

"While no social security numbers, financial information, addresses or
dates of birth were included on the statements, (the letters) may include
member name, member ID number, claim number, date of service, limited
description of services, service codes or provider/facility name,"
according to the announcement.

The letters known as the explanation of benefits or EOB, and the
explanation of payment or EOP sent to medical providers were printed on
Oct. 31, Nov. 1 and Nov. 2. The error was caught on Nov. 2 and printing was
halted immediately, the announcement said.

"Horizon BCBSNJ will monitor impacted members' accounts for any potential
fraudulent submission of medical claims. Corrected EOBs and EOPs will be
reissued within the next week and notifications of the error will be mailed
to impacted Horizon BCBSNJ members," the announcement said.

Cheryl Vass of Clark said she and her daughter in Cranford both received
the incorrect letters and contacted Horizon immediately to express concern
about their private information. Vass said the Horizon employee she reached
took her name and number and promised to "add it to the list."

"I asked, 'Should I worry about anything?' Vass said.

"The thing that worries me is I have got someone's name and health
insurance number. I'm not going to do anything with it. But someone else
has my name and card number. What are they going to do?"

She said her daughter also called to report the error. "The person she got
was more caring and apologized," she said.

Horizon spokesman Kevin McArdle said it is unclear how many of the 170,000
letters that were printed over the three-day period contained information
about other customers.

"Horizon continues to work with the vendor to determine exactly how many
members were impacted, but we do know that approximately 170,000 envelopes
were mailed," he said.

McArdle also said he did not know how many people had called to complain.
He said he was not aware of reports of suspicious activity as a result of
the privacy breach.

In 2014, two laptops were stolen from Horizon's Newark headquarters which
contained unencrypted information of 840,000 policy holders. The
information included names, addresses, date of births and some social
security numbers and limited medical information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161115/88c74ca3/attachment.html>