[BreachExchange] Independence Blue Cross discloses data breach by employee

Destry Winant destry at riskbasedsecurity.com
Tue Sep 18 23:18:06 EDT 2018


http://www2.philly.com/philly/business/consumer_news/independence-blue-cross-data-breach-website-20180917.html

Independence Blue Cross on Monday disclosed a data breach affecting
roughly 17,000 people that was caused by an employee who uploaded
member information to a public website.

The Philadelphia-based health insurer said members' names, birth
dates, diagnosis codes, provider identifications, and other
information used to process claims were exposed on the website between
April 23 and July 20.

The incident did not involve social security numbers, financial data,
or credit information, Independence said in a news release.

The insurer said less than 1 percent of its 2.8 million members were
affected. Most of the affected members live in Pennsylvania and New
Jersey, though some live in other states, an Independence spokesman
said.

Independence said it can't determine whether protected health
information was accessed and is unaware of any misuse of the data.

Independence said it is notifying affected members and offering 24
months of free credit monitoring and identity protection services.

The insurer said "appropriate action" was taken with the employee who
uploaded a file with member information to the public website.

"Information privacy and security are among Independence's highest
priorities," Independence said in a statement. "Upon learning of this
incident, Independence quickly took steps to ensure the file was
permanently removed from the website. Independence reviewed company
policies and procedures and implemented additional technical controls
to help prevent future incidents of this kind."


More information about the BreachExchange mailing list