Client Information Security Helping Organizations Protect Private Client Data

Blue Cross Eastgate Hard Drive Theft Update

During the past two weeks, significant progress has been made in BlueCross BlueShield of Tennessee’s continuing auditing, identifying and notification efforts of members affected by the Eastgate hard drive theft.

As of January 19, 2010, 220,000 current and former members have been identified and 211,253 notifications have been sent to members indicating that their personal information was included on the stolen hard drives and have been offered remediation services, including credit monitoring and identity theft protection.  These members, which fall in the Tier 3 category, have been confirmed as having their name, address, BlueCross member ID number, diagnosis, Social Security number and/or date of birth included in the stolen hard drives.  Additionally, minors whose personal information has been identified in the Tier 3 category have begun to receive letters offering LifeLock® identity services.

BlueCross has confirmed that 20,940 members have contacted Equifax to initiate the free 3-in-1 credit monitoring service offered to those members in the Tier 3 category.  Also, two members have contacted Kroll regarding activation of its Enhanced Identity Theft Consultation and Restoration services.  However, as of January 19, 2010, there has been no documented incident of identity theft or credit fraud of BlueCross members as a result of this incident. 

Beginning in early February, members falling in the Tier 2 category of personal information (name, address, BlueCross member ID number and diagnosis) will begin to receive their notifications with details of the hard drive theft and remediation services offered to them. 

Below is a graphical representation of total members identified and notifications sent as of January 19, 2010.  If you are unable to view this image, you can go to the Eastgate Hard Drive Theft page of bcbst.com to view this statistic and other information related to our identification and notification efforts.

While this theft has received significant coverage in many Tennessee news and media outlets, our auditing and notification process has received favorable reviews from IT-related online publications and blogs.  BlueCross has been lauded for its open and frequent communications, as well as engaging a leader in data security, Kroll, in assisting with its file audit and remediation efforts.

BlueCross BlueShield of Tennessee is committed to delivering up-to-date and relevant communications to its clients – members, brokers and employers – as information becomes available.  As always, you can direct questions specific to this incident to the BlueCross BlueShield of Tennessee Privacy Office by calling 1-888-422-2786 or through email at Privacy_Questions_GM@bcbst.com. Or, you can visit our Web site at bcbst.com.