PDF: A sample credit monitoring letter
STEPS BLUECROSS IS TAKING
* Identifying and notifying members found to have data potentially at risk
* Posting information updates regarding the data breach on www.bcbst.com
* Providing members whose Social Security numbers are at risk with credit monitoring for 12 months
* Providing a special hotline to handle questions and concerns: 1-888-422-2786
* Responding to e-mails sent to the privacy office at privacy_office@bcbst.com
* Providing Federal Trade Commission educational information to deter consumer fraud
* Obtaining an independent assessment of the company's system-wide data and facility security
Source: Letter to group administrators from BlueCross counsel
After 68 computer hard drives were stolen last month, BlueCross BlueShield of Tennessee is providing members whose Social Security numbers may be at risk with credit monitoring service for a year.
On Oct. 2, someone entered a data closet at the insurance provider's Eastgate Town Center location and removed hard drives containing encoded data.
BlueCross is assisting the criminal investigation and will retain an independent firm to perform a security assessment, the company said in a news release Monday. More than 800 staff members, a temporary staffing service and a data security contractor are working six days a week to retrieve and review back-up files, the release stated.
"This team is combing through 300,000 screen image files and reviewing 50,000 hours of audio recordings stored on the stolen drives to determine the exact data at risk," according to the release.
Spokeswoman Mary Thompson said the company is committed to helping members secure any information that may be compromised.
"We obviously take great concern for the privacy and security of our members' personal health information," she said. "So if a member's potential information is found to be compromised, we want to extend credit monitoring to them."
Chattanooga police continue to pursue leads in the case, hoping the hard drives will show up when someone attempts to sell or discard them.
"It's highly specialized equipment that not everybody could use," said Capt. Ken Neblette, commander of the department's criminal investigation division.
Staff Photo by Dan Henry
BlueCross BlueShield customer service representative Diana Gains, right in yellow, works at the company's offices at Eastgate Town Center. A majority of the employees are expected to begin moving to the new BlueCross campus at the beginning of March.
On Friday, the company alerted clients via Priority Mail that some members' personal information is contained in the hard drives. Company or group administrators received letters from Tena Roberson, the deputy general counsel and chief privacy officer for BlueCross.
"The call recordings may have included the member's name and ID number," wrote Ms. Roberson. "Additionally, some recordings may have included the member's date of birth or Social Security number."
Letters to affected members are expected to be sent beginning Monday, notifying them their Social Security numbers were included in the stolen data and they can receive free Equifax credit monitoring for a year, the company said.
The company also established a hotline to handle questions and bolstered security at all facilities by adding video camera surveillance, reviewing card access readers and increasing the number of security personnel, officials said.
Text Size:
For one year only? So know that the criminals know that, all they have to do is wait a year then start stealing peoples identity... Great.. Oh and also providing credit monitoring for only one (Equifax) of the three credit bureaus... Ummm!!!! I think they make enough money from our high premiums to pay for their mistake for longer then 1 year and for all 3 bureaus... We trust these people with our financial information, with our health, and with our lives.. The least they can do is to protect us better....
-Concerned Citizen
Blue Cross should have put their money on their new "Movement" campaign into a "Movement" to protect theft of hard drives containing sensitive customer information.
But security efforts doesn't give them that nice warm feeling of smug self-satisfaction, does it?
To everyone whose confidential information was stolen---Ask Blue Cross to give you a reach-around. Might as well get something for your premiums.