[BreachExchange] Blue Cross blames vendor for breach of customer information in R.I.

Destry Winant destry at riskbasedsecurity.com
Fri Sep 14 01:24:32 EDT 2018


http://www.providencejournal.com/news/20180912/blue-cross-blames-vendor-for-breach-of-customer-information-in-ri

PROVIDENCE, R.I. — Blue Cross & Blue Shield of Rhode Island has
disclosed a breach of personal health-care information affecting 1,567
people that the insurer blames on an unnamed vendor responsible for
sending benefits explanations, also known as health-care services
summaries, to members.

In a media release Tuesday afternoon, the insurer said that some
summaries “were sent to the wrong BCBSRI member in the same household
or on the same family policy ... In no case, however, was any
information disclosed to anyone other than a family member or a person
covered on the same family policy.”

The mistake stemmed from Blue Cross’ use of a vendor “to combine
healthcare service summaries for some members who were covered on the
same policy in an effort to reduce the number of summaries members
received. In mid-July, BCBSRI learned that in some instances, the
summaries were being combined incorrectly by the vendor, resulting in
summaries being sent to the wrong family member or other person
covered on their family policy.”

On discovering what happened, the insurer said, “we immediately
directed the vendor to stop combining healthcare services summaries.
For now, members are receiving an individual summary for each service
while BCBSRI explores a long-term solution that would allow services
to be grouped into one summary.”

According to BCBSRI, summaries include a member’s name, the BCBSRI ID
number, service provider, type of service provided and cost of a
claim.

“A member’s social security number and date of birth are not included
in these summaries,” the insurer said. “We believe the risk of
identity theft as the result of this issue is very low because social
security number was not included and the person receiving the
information was a family member or person covered on the same family
policy.”

In its statement, the insurer apologized and said it “takes the
confidentiality of our members seriously.” Affected members will
receive notification by mail and those with questions may call
1-800-639-2227.


More information about the BreachExchange mailing list