published Tuesday, January 26th, 2010

BlueCross computer theft already costs $7 million

  • photo
    Staff Photo by Angela Lewis BlueCross BlueShield of Tennessee's headquarters is located on Cameron Hill.

What was initially assumed to be just a glitch in some soon-to-be-discarded computer equipment last fall has grown into one of Chattanooga's most expensive property crimes of the year.

BlueCross BlueShield of Tennessee said Monday it already has spent more than $7 million to respond to the theft last October of computer hard drives from an abandoned office at Eastgate Center.

Although the Chattanooga-based health insurer has adequate reserves to absorb such losses, officials said the company may have to spend millions more to assess what was on the missing computer records and to provide identity protection for affected customers.

The missing computer files contained audio copies of telephone calls and records of video screen images that could compromise the identity or privacy of up to 500,000 Americans, company officials said.

BlueCross already has notified 220,000 BlueCross customers in Tennessee and other states where persons covered by BlueCross of Tennessee plans may work.

To date, BlueCross said there have been no verified instances of any improper access or use of individual identities or health records from the stolen computer hard drives. But BlueCross Communications Director Roy Vaughn said the company has received 8,728 member calls related to the theft so far, and about 20,500 members of BlueCross plans have taken advantage of the company’s offer for free credit monitoring services from Equifax, Kroll or Lifelock.

PDF: BlueCross data on hard drive

Time line of events

* September 2009 — BlueCross relocates customer service center out of leased offices at Eastgate Center

* Oct. 2, 2009 — At 6:13 p.m., alarm from computer hard drives stored at vacated buildings at Eastgate is activated; alarm dismissed because officials did not think the hard drives contained critical data.

* Oct. 5, 2009 — BlueCross computer personnel investigate alarm and discover 57 missing computer hard drives from secured closet. BlueCross security team alerts Chattanooga police to suspected theft of computer records from Eastgate.

* Oct. 6, 2009 — Federal and state authorities, along with local media, are alerted to theft.

* Fall 2009 — BlueCross hires 300 part-time workers and contract investigators, along with the world’s largest risk consulting company, Kroll, to assess what is on missing computer records. FBI joins probe and begins notifying attorneys general across the country.

* January 2010 — BlueCross completes initial audit of records, but continues assessment of lower-level privacy breaches. Initial estimates put cost at $7 million.

Top identify thefts

Although costly for BlueCross, last year’s theft of computer hard drives with the records of as many as 500,000 persons was not one of the country’s biggest:

1. Heartland Payment Systems, hacker breaks into 130 million records in January 2009

2. TJX Inc., hacker breaks into records for 94 million records in January 2007

3. Search Roebuck and TRW, hacker breaks into 90 million records in June 1984

4. National Archives and Records Administration loses 70 million records during disposal in October 2009

5. CardSystems Solutions, hacker breaks into 40 million records in June 2005

Determining what was on the 57 stolen computer hard drives — and complying with federal and state notification requirements — already has required the hiring of more than 700 contract and BlueCross workers to assess back-up copies of the missing records.

“It was like water torture last fall,” BlueCross Vice President Ron Harr recalled Monday. “Every piece of information that came in was worse.”

Mr. Harr said the cost of dealing with the theft will not directly lead to any increase in rates for BlueCross, which still enjoys sufficient reserves to absorb such losses.

“But we have to be honest with people and recognize that, in the end, ultimately all of our money must come from our customers,” he said.

In a prepared statement in response to Times Free Press inquiries, BlueCross declined to discuss any details about the break-in at Eastgate or who had access to the protected area of the leased offices.

Chattanooga police have yet to arrest or charge any individuals who may have been involved in the theft, according to police spokeswoman Sgt. Jerri Weary.

The theft came just weeks before BlueCross planned to send the hard drives back to the vendor for ultimate disposal. The files and the offices where they were housed were no longer in use.

Ed Galloway, supervisory senior resident agent for the FBI, said the organization has been briefed about the missing computer files.

“But I can’t comment on any ongoing investigation,” he said.

To comply the Health Information Technology for Economic and Clinical Health Act adopted last year, BlueCross must notify attorneys general in 32 states where at least 500 BlueCross members may be affected by the security breach.

4
Comments do not represent the opinions of the Chattanooga Times Free Press, nor does it review every comment. Profanities, slurs and libelous remarks are prohibited. For more information you can view our Terms & Conditions and/or Ethics policy.
SeaSmokie59er said...

"officials said the company may have to spend millions more to assess what was on the missing computer records" I wonder, where are they are going to get that money?

January 26, 2010 at 6:27 p.m.
sideviews said...

BlueCross will tap into its billion-dollar-plus reserves and be just fine.

January 26, 2010 at 6:31 p.m.
HealthB4Wealth said...

“But we have to be honest with people and recognize that, in the end, ultimately all of our money must come from our customers,” he said.

Why doesn't some it come from the SALARIES of the managers under whose watch this data was lost?

January 27, 2010 at 12:55 p.m.
djh2010 said...

I can tell you one way they are getting the money is from their disabled employees...I have been disabled for 8 yrs and per my policy I was to be provided health/dental/vision paid for by BCBST as long as I was disabled ..In Dec. 2009 I found out I was going to have to pay half my insurance (starting Jan. 2010)then pay all of my insurance in 2 years...I can't afford this and will probably lose my insurance and medicare is about the same cost...I have to have insurance for my reviews which are coming up and for basic prescriptions and health care.I don't know what to do I worry everyday what to do?

April 14, 2010 at 12:33 p.m.
please login to post a comment

videos »         

photos »         

e-edition »

advertisement
advertisement
400 East 11th St., Chattanooga, TN 37403
General Information (423) 756-6900
Copyright, Permissions, Terms & Conditions, Privacy Policy, Ethics policy - Copyright ©2014, Chattanooga Publishing Company, Inc. All rights reserved.
This document may not be reprinted without the express written permission of Chattanooga Publishing Company, Inc.