HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

15,000 Customers Notified About Blue Cross Blue Shield of Michigan Data Breach

Approximately 15,000 customers of Blue Cross Blue Shield of Michigan have been notified that some of their private information was stored on a laptop computer that was stolen from an employee of a business associate of one of its subsidiaries.

The laptop computer was stolen on October 26, 2018, and Blue Cross Blue Shield of Michigan was alerted to the exposure of plan members’ protected health information (PHI) on November 12, 2018. The breach affects members of Blue Cross’ Medicare Advantage health insurance plans. Notifications are now being mailed to all plan members affected by the breach.

The laptop computer was protected with a password and plan members’ data stored on the device had been encrypted; however, the employee’s credentials may also have been stolen. Consequently, there is a risk that PHI could have been accessed.

The data stored on the stolen laptop was limited to names, addresses, members’ identification numbers, dates of birth, genders, provider information, diagnoses, and medications. The laptop did not contain Social Security numbers or financial data.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

An investigation into the incident has been launched and the employee’s login credentials have now been changed. The risk of identity theft and fraud is believed to be low; however, out of an abundance of caution, all individuals affected by the breach have been offered 24 months of complimentary identity theft protection services. There is no indication that any information stored on the stolen laptop has been accessed by unauthorized individuals.

Blue Cross Blue Shield of Michigan is working closely with its subsidiary company and is assessing policies and procedures and will update them accordingly. Additional safeguards will also be implemented to prevent further security breaches.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.