BlueCross BlueShield is beginning to notify members whose personal information was on computer equipment stolen from a storage area at the Eastgate Center in early October, officials said.
BlueCross is also assisting members who have concerns that they could be victims of identity theft due to the theft, it was stated.
BlueCross also said it has tightened security on the personal records it keeps on hand and has hired a firm to make a system-wide security evaluation.
On Monday, Oct. 5, at 10 a.m., BlueCross employees discovered a theft of computer equipment at a network closet located in its former Eastgate Town Center. The theft occurred the previous Friday at approximately 6:13 p.m.
Officials said, "BlueCross has established that the items taken include 57 hard drives containing data that was encoded but not encrypted.
"The hard drives were part of a system that recorded and stored audio and video recordings of coordination of care and eligibility telephone calls from providers and members to BlueCross’ former Eastgate call center located in Chattanooga. The hard drives that were stolen contained data that included protected health information data of some members of the health plan. This data included member names and identification numbers and, on some but not all recordings, a diagnosis/diagnosis code, date of birth and/or a Social Security number.
"BlueCross immediately investigated the breach and strengthened the existing security measures at the Eastgate Town Center where space was being leased. BlueCross is obtaining an independent assessment of system-wide data and facility security.
"BlueCross has placed information on its website www.bcbst.com to provide its members information about this theft. The information includes the link to the Federal Trade Commission website, www.ftc.gov, where members can find information on steps they can take to protect against identity theft. Members can contact the BlueCross Eastgate Response Customer Call Center at 1-888-422-2786 to find out more information.
"The back-up data of the stolen hard drives were restored and an exhaustive inventory of all data included on the drives is being conducted by BlueCross and Kroll Inc., a global leader in data security. BlueCross is in the process of sending rolling written notification to members as soon as they are identified as being affected by the data theft. The notification letters, which will be mailed to current and former BlueCross members, will specify the particular call center number that members should call. For any members whose Social Security number is identified at risk, credit monitoring services will be provided free of charge - which also includes up to a million dollars in identity theft insurance.
"BlueCross has also engaged the services of Kroll to carry out the member notifications and provide its Enhanced Identity Theft Consultation and Restoration Services. Kroll’s Licensed Investigators are available to answer any questions or identity theft concerns. In addition, in the unlikely event a member sustained identity theft as a result of this incident, BlueCross would also provide Identity Theft Restoration service through Kroll.
"BlueCross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee. BlueCross has also placed a notice with all three credit bureaus regarding this theft."
If a member receives a notification letter, the member will then be directed to call one of the numbers below:
• BlueCross Eastgate Response Customer Call Center
1-888-422-2786 / 1-866-779-0487
• Members whose Social Security number has been identified to be at risk
1-866-599-7347
• Privacy_Questions_GM@bcbst.com
For up-to-date information related to the Eastgate theft visit the BlueCross website at www.bcbst.com.