DETROIT – Blue Cross Blue Shield of Michigan announced Friday that the personal data of nearly 15,000 of Medicare Advantage members may have been compromised after an employee's laptop computer was stolen in October.
Blue Cross said it was notified on Nov. 12, 2018 by COBX, a subsidiary company vendor serving Medicare Advantage business for them, that an employee’s work laptop was stolen on Oct. 26, 2018. Although the laptop was encrypted and password-protected, the employee’s access credentials may have been potentially compromised, Blue Cross said.
"After learning of the theft, we began working with our subsidiary company to promptly change the employee’s access credentials and investigate the issue," reads a statement from Blue Cross. "To date, we are not aware of any attempted logins to the employee’s laptop since the theft. Although there is no evidence that the laptop contents were accessed, we are notifying just under 15,000 affected Medicare Advantage members in an abundance of caution."
Blue Cross said the the information that may have been accessible includes the member's first name, last name, address, date of birth, enrollee identification number, gender, medication, diagnosis, and provider information. Social Security numbers and financial account information were not included in the accessible data elements, according to the health provider.
“Disclosure of protected health information in this way does not meet privacy practices at Blue Cross. Although we believe that the risk of identity theft or financial harm is low in this case, we want to do what we can to alleviate concerns affected members may have,” said Kelly Lange, Blue Cross vice president for enterprise compliance.
Blue Cross is offering affected members AllClear ID identity protection services for 24 months at no cost. According to Blue Cross, affected members would be eligible to receive identity repair services, which provides a dedicated investigator to help recover identity theft-related financial losses, restore credit and make sure identity is returned to its proper condition, along with fraud alerts, credit monitoring and an identity theft insurance policy.
"We’re currently working closely with our subsidiary company to review policies and procedures and put additional safeguards in place,” said Lange. “At Blue Cross and Blue Care Network, we take the security of our members’ protected health information very seriously and sincerely apologize for this incident."