Client Information Security Helping Organizations Protect Private Client Data

BCBS of Tennessee Client Data Breach

My health insurance is with BCBS of Tennessee. For a couple of months now I have been receiving updates because of a Client data breach they experiences last October. Following is a copy of the official information.

“In October 2009, 57 hard drives containing video and audio files related to coordination of care and eligibility telephone calls from providers and members were stolen from a leased facility in Chattanooga, Tenn. that formerly housed a BlueCross BlueShield of Tennessee call center. The video files were images from computer screens of BlueCross BlueShield of Tennessee customer service representatives and the audio files were recorded phone conversations from January 1, 2007 to October 2, 2009.

“Almost immediately, BlueCross BlueShield of Tennessee began communicating to brokers and employers of this incident and has been providing periodic updates as more information became available.  Additionally, BlueCross BlueShield of Tennessee has been diligently reviewing and analyzing the backup files of the stolen hard drives.  Since early December, nearly 200,000 active and former members have been identified on those files and notified that certain personal information was included on the stolen hard drives.

“As of January 4, 2010, we have completed the audit of the 1.3 million audio files and 300,000 video files and will now begin a broad communications effort to members, brokers and employers.  Part of this comprehensive communications effort will include a progress report delivered via email every two weeks to brokers and group administrators.  This report will include details of total affected members and our notification and remediation steps.  We will continue to post regular updates to our Web site, bcbst.com – including a special Eastgate Hard Drive Theft page – along with a FAQ section to assist in providing answers to many questions we have received over the past few weeks.

“We will also be providing more detail on the steps BlueCross BlueShield of Tennessee has taken to identify and protect the personal data of affected members. Beginning with the member notification letters generated the week of January 11, 2010, information will be included regarding the discovery of the theft of the hard drives and BlueCross BlueShield of Tennessee’s response to that incident.  Additionally, BlueCross BlueShield of Tennessee members that are classified as minors will be receiving a specific notification letter addressed to their parent or guardian and offering LifeLock Identity Alert™ services (see attached).  Letters to current and former BlueCross BlueShield of Tennessee groups explaining these changes will be sent the week of January 11, 2010.

“BlueCross BlueShield of Tennessee is committed to delivering up-to-date and relevant communications to its clients – members, brokers and employers – as information becomes available.”

This organization had to pay for someone to review 1.3 million audio and 300,000 video files. They also have mailed letters to all the potentially affected members. All because some hard drivers were stolen. Another reason to make sure your physical security will protect client information from being compromised because of a burglary.

What is your organization doing to enhance your physical security?