Blue Shield Experiences Third-Party Breach of Patient Information


Blue Shield of California, one of the state’s leading insurers, says one of its vendors experienced a vision patient data breach that could pose a risk to policyowners’ information. The breach includes Social Security Numbers, birth dates, member numbers, and patient addresses.
While information is lacking on the number of exposed member/patient records, the insurer acknowledges that the breach could include diagnosis and treatment information. The breach was caused by a cyberattack on the MOVEit file transfer program, a widely used data sharing tool.
According to published reports, the company has followed all applicable state and federal requirements concerning notification to members and regulatory agencies about the exposed data. Blue Shield says it has also taken steps to ensure protection of its own network; there is no indication its systems were infiltrated.
Blue Shield of California is the latest insurer among thousands of organizations nationwide impacted by a MOVEit hack. Sutter Health acknowledged last month that one its vendors was also breached in a similar manner this year. 
Affected Blue Shield members are encouraged to regularly review their credit reports and financial statements for suspicious activities that could be tied to identity theft. The Federal Trade Commission offers tips on recovering from identity theft on its website, which you might consider sharing with your clients.

Most Recent Articles
Carrier Updates