Share this article on:
A Horizon Blue Cross Blue Shield of New Jersey data breach has been reported following the discovery that criminals posed as doctors in order to gain access to the Protected Health Information of patients. The bogus physicians obtained insurance ID numbers and other sensitive PHI, after being given access rights to Horizon BCBSNJ members’ data.
The information was stolen in order for the criminals to file false insurance claims in the names of the victims. Fraudulent activity was first uncovered on July 30, 2015 and approximately 1,100 individuals are understood to have been affected by the security breach.
In addition to member ID numbers, the bogus doctors were able to gain access to patient names, gender, and dates of birth. A notice on the Horizon BCBSNJ website confirms that Social Security numbers and financial information were not obtained by the criminals. It is understood that the information was stolen with the sole purpose of making false insurance claims. Patient PHI is not believed to have been used for any other purpose.
All affected members of Horizon BCBSNJ have been informed to carefully check their Explanation of Benefits (EoB) statements and medical bills as a precaution against insurance fraud, and should alert the company to any suspected fraudulent use of their data.
The company’s Special Investigations Unit will be revising policies and procedures in an effort to reduce the risk of similar incidents occurring in the future. Horizon BCBSNJ will also be implementing a number of enhanced analytical controls to further protect PHI in an effort to stamp out health care fraud.
Law enforcement agencies have been alerted to the crimes, and the FBI is conducting an investigation to bring the perpetrators to justice.
Any individual whose information was used to submit a fraudulent claim has been called by Horizon BCBSNJ’s Special Investigations Unit, and breach notification letters were mailed to all affected individuals on September 25.
Horizon Blue Cross Blue Shield of New Jersey Data Breach Could Have Serious Consequences for Patients
Social Security numbers and dates of birth are sought by criminals in order to steal the identities of patients, but insurance data can be just as valuable to criminals. With members ID numbers and personal information, doctors – fake or otherwise – can make insurance claims and claim reimbursement for medical services that are never provided.
This type of medical fraud can be particularly damaging for the victims. In order to make the bogus insurance claims, the perpetrators often change medical records of patients and enter false diagnoses in order to claim for expensive treatments. Those changes become part of the victim’s permanent health records until the fraud is discovered by their insurance company. It may also result in legitimate insurance claims being denied.