Independence Blue Cross reports data breach affecting 17,000 members

The average cost of a data breach has grown to US$3.86 million, a new report suggests (Image matejmo / iStockPhoto)
The Philadelphia insurer says the breach occurred after an employee uploaded a document to a public website. (matejmo/iStockPhoto)

A major Philadelphia insurer is warning 17,000 members their health information may have been compromised as part of a data breach resulting from employee error.

After launching an investigation in July, Independence Blue Cross determined that an employee uploaded a file containing member information to a public-facing website. The document was accessible between April 23 and July 20.

Although the insurer was unable to determine whether the data was actually accessed, it is warning members that unauthorized users could have viewed their medical information, including diagnosis codes, provider information and other claims-related information.

Free Daily Newsletter

Like this story? Subscribe to FierceHealthcare!

The healthcare sector remains in flux as policy, regulation, technology and trends shape the market. FierceHealthcare subscribers rely on our suite of newsletters as their must-read source for the latest news, analysis and data impacting their world. Sign up today to get healthcare news and updates delivered to your inbox and read on the go.

Independence Blue Cross says the incident did not involve Social Security numbers or financial information.

“Information privacy and security are among our highest priorities,” the company wrote in a notice (PDF) to members. “Independence has strict security measures in place to protect information in its care. Upon learning of this incident, Independence quickly took steps to ensure the file was permanently removed from the website.”

The insurer is offering 24 months of free identity protection services to affected members. It also says it has implemented new technical controls and reviewed its security policies and procedures. 

RELATED: Number of patient records compromised by data breaches dropped 80% in 2017

Employee errors continue to be a significant cybersecurity hurdle for healthcare organizations, with insiders making up a significant portion of data breaches. Most health IT executives see employees as their biggest threat

While providers make up the vast majority of reported breaches, insurers have been hit with some of the largest incidents. Most notably, Anthem was hit with an attack in 2015 that affected nearly 80 million members and ultimately led to a $115 million settlement.

Suggested Articles

Humana filed suit Friday against more than a dozen generic drugmakers alleging the companies engaged in price fixing.

Ochsner Health System is partnering with Color to launch a population health pilot program to integrate genetic information into preventive care.

Medicare Advantage open enrollment kicked off last week, and insurers are taking new approaches to marketing a slate of supplemental benefit options.