- The compromised information includes first and last names, addresses, birth dates, identification numbers, genders and more details of customers.
- No Social Security numbers and financial account details were affected in the breach.
Blue Cross Blue Shield of Michigan has suffered a potential data breach that may have resulted in the exposure of personal data of nearly 15,000 customers. The breach occurred in late October 2018 after a laptop belonging to an employee of a vendor contracted by a Blue Shield subsidiary, COBX Co., was stolen.
Type of information compromised
According to the reports, the device was stolen on October 26 and Blue Cross officials were notified about the theft on November 12. The company said that hackers may have obtained the employee’s credentials prior in order to steal data.
The information compromised in the breach includes first and last names, addresses, birth dates, identification numbers, genders, medications, diagnoses and insurance provider information of customers.
However, no Social Security numbers and financial account details were affected as they were not stored on the laptop.
Addressing the issue
Blue Cross was quick at taking remedial steps to prevent further damages. It promptly changed the employee’s credentials. In addition, it is working towards enhancing the security of its systems. It has also notified the impacted customers about the breach via email.
“We’re currently working closely with our subsidiary company to review policies and procedures and put additional safeguards in place. At Blue Cross and Blue Care Network, we take the security of our members’ protected health information very seriously and sincerely apologize for this incident,” Kelly Lange, Blue Cross’ Vice-President said in a statement, Detroit News reported.
As a part of the precautionary measure, the firm is also providing free-identity protection services to all the affected members for a period of one year.
It is noteworthy that in another incident this year, the data of 16,000 Blue Cross patients was exposed due to an employee error. Such incidents are a reminder for the healthcare sector companies to employ stronger cybersecurity measures and training their staff to follow best security etiquettes.