15,000 Customers Notified About Blue Cross Blue Shield of Michigan Data Breach

Share this article on:

Approximately 15,000 customers of Blue Cross Blue Shield of Michigan have been notified that some of their private information was stored on a laptop computer that was stolen from an employee of a business associate of one of its subsidiaries.

The laptop computer was stolen on October 26, 2018, and Blue Cross Blue Shield of Michigan was alerted to the exposure of plan members’ protected health information (PHI) on November 12, 2018. The breach affects members of Blue Cross’ Medicare Advantage health insurance plans. Notifications are now being mailed to all plan members affected by the breach.

The laptop computer was protected with a password and plan members’ data stored on the device had been encrypted; however, the employee’s credentials may also have been stolen. Consequently, there is a risk that PHI could have been accessed.

The data stored on the stolen laptop was limited to names, addresses, members’ identification numbers, dates of birth, genders, provider information, diagnoses, and medications. The laptop did not contain Social Security numbers or financial data.

An investigation into the incident has been launched and the employee’s login credentials have now been changed. The risk of identity theft and fraud is believed to be low; however, out of an abundance of caution, all individuals affected by the breach have been offered 24 months of complimentary identity theft protection services. There is no indication that any information stored on the stolen laptop has been accessed by unauthorized individuals.

Blue Cross Blue Shield of Michigan is working closely with its subsidiary company and is assessing policies and procedures and will update them accordingly. Additional safeguards will also be implemented to prevent further security breaches.

Author: HIPAA Journal

Share This Post On