Philadelphia-based healthcare organization Independence Blue Cross (IBC) acknowledged that it suffered a data breach on April 23, 2018. The firm disclosed that an independent employee uploaded patients’ personal health information (PHI) on a website that could be accessed by anyone. The data remained publicly exposed between April 23, 2018, and July 20, 2018.
According to a report by KYW news radio, around 17,000 patients were affected by the breach. The data exposed included names, dates of birth, diagnosis codes and more. Information such as patients’ insurance claim numbers, referral numbers and service dates were also exposed by the breach.
Shortly after IBC was notified about the breach, it firm immediately removed the file containing the stolen data from the public website. The healthcare firm is yet to determine whether any of the data exposed was misused.
“After a thorough investigation, we are unable to determine if protected health information was accessed, and are unaware of any actual or attempted misuse of this information,” Independence Blue Cross said in a statement.
The firm has begun notifying potentially affected customers and is offering two years worth of free identity protection services to those affected by the breach. IBC also said that it is working towards bolstering its security to better protect itself from future attacks.