[BreachExchange] Blue Cross of Idaho says some customer information revealed in data breach

Destry Winant destry at riskbasedsecurity.com
Tue Apr 16 09:27:06 EDT 2019 

https://www.idahopress.com/news/local/blue-cross-of-idaho-says-some-customer-information-revealed-in/article_8f951238-f119-5172-9c1b-e7f1576aa165.html

Blue Cross of Idaho announced Friday it recorded a data breach
involving protected health information.

An unauthorized user accessed Blue Cross of Idaho’s online provider
portal with the intent of redirecting a financial transaction,
according to a news release from Blue Cross. Some of the documents
accessed by the user contained protected information.

The information accessed in the data breach did not contain Social
Security numbers, driver’s license numbers or banking information,
according to the release. It did, however, contain member names,
enrollee numbers, account numbers, names of health care providers,
claim numbers, claims payment information and procedure code.

The FBI is conducting an investigation, which Blue Cross is cooperating with.

The individual who accessed the information was able to see details on
roughly 1 percent of Blue Cross’ customers.

“On March 21, 2019, Blue Cross of Idaho was the target of an attempted
financial crime. An unauthorized user sought to fraudulently obtain
money by rerouting a financial transaction,” Paul Zurlo, Executive
Vice President for Sales Marketing and Communication, told the Idaho
Press in a statement. “Blue Cross of Idaho prevented the attempt, and
we contacted the Federal Bureau of Investigation. The perpetrator
accessed documents which contained private health information.”

Blue Cross has notified the affected customers, according to the statement.

“We are offering them three years of complimentary credit monitoring
and identity protection services,” according to Zurlo. “We take
consumers’ privacy very seriously, and we are committed to keeping our
members’ data secure.”

Blue Cross of Idaho spokesman Bret Rumbeck said Blue Cross of Idaho
has roughly 560,000 customers total, meaning the number of affected
customers in the data breach is about 5,600. He also could not offer
more information about the data breach, as it involves an active FBI
investigation.

Blue Cross stated it is not aware of this information being used as of
now. Still, the company will issue new ID cards and numbers to
affected members, according to the news release.

More information about the BreachExchange mailing list