Health Leaders Media reported that 57 hard drives were stolen from a BlueCross BlueShield of Tennessee facility. The theft was discovered October 5, 2009 and it affected at least 500,000 patients in 32 states:
"The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009."
The data was encoded but not encrypted. The stolen data included patients' names and BlueCross identification numbers; plus some but not all records included diagnostic information, date of birth, and Social Security numbers. BCBS of Tennessee estimated that Social Security numbers were stolen for about 220,000 patients.
Unfortunately, all of this is usable information for identity thieves for resale or for medical fraud. The good news:
"Three levels of risk have been identified for those customers whose information may be at risk. Letters are being mailed to these current and former BlueCross customers explaining the level at which their personal information is at risk. They are being offered a variety of free services to mitigate the potential misuse of personal information."
BCBS of Tennesse notified consumers in a timely fashion. BCBS of Tennesse first announced the theft on October 7 in a press release at its Web site. And, BCBS of Tennesse also hired Kroll, which was a good move.
Patients or consumers who have questions, can contact BCBS of Tennessee Privacy Office Hotlines at 1-888-422-2786 or 1-888-455-3824 or via e-mail. More information is available for consumers at the BCBS of Tennessee site.