''HITECH Act'' Requires BlueCross to Release Computer Theft Details
BlueCross BlueShield of Tennessee (BCBCTN) has issued a news release regarding the Oct. 5 computer theft reported by NewsChannel9.com. According to the release, BCBSTN is required to release the information by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).
On Monday, Oct. 5, 2009 at 10 a.m., BlueCross BlueShield of Tennessee, Inc. employees discovered a theft of computer equipment at a network closet located in its former Eastgate Town Center office location in Chattanooga. The theft occurred Friday, Oct. 2, 2009 at approximately 6:13 p.m. BlueCross has established that the items taken include 57 hard drives containing data that was encoded but not encrypted.
The hard drives were part of a system that recorded and stored audio and video recordings of coordination of care and eligibility telephone calls from providers and members to BlueCross’ former Eastgate call center located in Chattanooga. The hard drives that were stolen contained data that included protected health information data of some members of the health plan. This data included member names and identification numbers and, on some but not all recordings, a diagnosis/diagnosis code, date of birth and/or a Social Security number.
BlueCross immediately investigated the breach and strengthened the existing security measures at the Eastgate Town Center where space was being leased. BlueCross is obtaining an independent assessment of system-wide data and facility security.
BlueCross has placed information on its Web site www.bcbst.com to provide its members information about this theft. The information includes the link to the Federal Trade Commission Web site, www.ftc.gov, where members can find information on steps they can take to protect against identity theft. Members can contact the BlueCross Eastgate Response Customer Call Center at 1-888-422-2786 to find out more information.
The back-up data of the stolen hard drives were restored and an exhaustive inventory of all data included on the drives is being conducted by BlueCross and Kroll Inc., a global leader in data security. BlueCross is in the process of sending rolling written notification to members as soon as they are identified as being affected by the data theft. The notification letters, which will be mailed to current and former BlueCross members, will specify the particular call center number that members should call. For any members whose Social Security number is identified at risk, credit monitoring services will be provided free of charge - which also includes up to a million dollars in identity theft insurance.
BlueCross has also engaged the services of Kroll to carry out the member notifications and provide its Enhanced Identity Theft Consultation and Restoration Services. Kroll’s Licensed Investigators are available to answer any questions or identity theft concerns. In addition, in the unlikely event a member sustained identity theft as a result of this incident, BlueCross would also provide Identity Theft Restoration service through Kroll.
BlueCross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee. BlueCross has also placed a notice with all three credit bureaus regarding this theft.
If a member receives a notification letter, the member will then be directed to call one of the numbers below:
• BlueCross Eastgate Response Customer Call Center. 1-888-422-2786 / 1-866-779-0487
• Members whose Social Security number has been identified to be at risk. 1-866-599-7347
• Privacy_Questions_GM@bcbst.com
For up-to-date information related to the Eastgate theft visit the BlueCross Web site at www.bcbst.com.
