Blue Shield of California has experienced a security breach that exposed the personal information of nearly 21,000 customers last year, the Orange County Register reports.
No data systems at the insurer were affected, according to a letter sent to members; rather, the unauthorized access between September and December 2015 occurred because of misuse of Blue Shield customer service representatives' log-in information. The compromised information could include names, addresses, dates of birth and Social Security numbers, the insurer says.
"We take this issue seriously and regret the concern it may cause," Blue Shield tells members in its letter. "We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information." It also is offering affected customers a one-year membership in a credit-tracking service.
The insurer is just the latest Blues company to experience a breach, following in the footsteps of Premera Blue Cross, Excellus BlueCross BlueShield, CareFirst and Anthem--which faced a cyberattack that exposed 80 million members' data. Officials familiar with the Anthem breach have said they believe Chinese hackers may have targeted the insurer in order to learn more about the U.S. healthcare system.
In the wake of those cyberattacks, the national Blue Cross Blue Shield Association announced in July that it will offer free identity protection services to its 106 million member starting Jan. 1 of this year. Yet concerns remain about how the industry is responding to cybersecurity threats, as a readiness exercise conducted in December showed that some insurers' response plans still come up short when put to the test.
The recently passed Cybersecurity Information Sharing Act seeks to improve cybersecurity threat preparedness in both the government and private sector, but at least one expert believes it "creates a framework that provides few, if any, privacy and security benefits to the general public," FierceHealthIT has reported.
Blue Cross Blue Shield Association to offer identity protection services to all 106M members
Anthem hack compromises info for 80 million customers
Payers need sophisticated tools to fight off cyberattacks
Omnibus funding bill requires HHS to convene cybersecurity taskforce
Simulation shows health plans must do more to prepare for cyberattacks