HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Bogus Doctors Behind Horizon Blue Cross Blue Shield of New Jersey Data Breach

A Horizon Blue Cross Blue Shield of New Jersey data breach has been reported following the discovery that criminals posed as doctors in order to gain access to the Protected Health Information of patients. The bogus physicians obtained insurance ID numbers and other sensitive PHI, after being given access rights to Horizon BCBSNJ members’ data.

The information was stolen in order for the criminals to file false insurance claims in the names of the victims. Fraudulent activity was first uncovered on July 30, 2015 and approximately 1,100 individuals are understood to have been affected by the security breach.

In addition to member ID numbers, the bogus doctors were able to gain access to patient names, gender, and dates of birth. A notice on the Horizon BCBSNJ website confirms that Social Security numbers and financial information were not obtained by the criminals. It is understood that the information was stolen with the sole purpose of making false insurance claims. Patient PHI is not believed to have been used for any other purpose.

All affected members of Horizon BCBSNJ have been informed to carefully check their Explanation of Benefits (EoB) statements and medical bills as a precaution against insurance fraud, and should alert the company to any suspected fraudulent use of their data.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The company’s Special Investigations Unit will be revising policies and procedures in an effort to reduce the risk of similar incidents occurring in the future. Horizon BCBSNJ will also be implementing a number of enhanced analytical controls to further protect PHI in an effort to stamp out health care fraud.

Law enforcement agencies have been alerted to the crimes, and the FBI is conducting an investigation to bring the perpetrators to justice.

Any individual whose information was used to submit a fraudulent claim has been called by Horizon BCBSNJ’s Special Investigations Unit, and breach notification letters were mailed to all affected individuals on September 25.

Horizon Blue Cross Blue Shield of New Jersey Data Breach Could Have Serious Consequences for Patients


Social Security numbers and dates of birth are sought by criminals in order to steal the identities of patients, but insurance data can be just as valuable to criminals. With members ID numbers and personal information, doctors – fake or otherwise – can make insurance claims and claim reimbursement for medical services that are never provided.

This type of medical fraud can be particularly damaging for the victims. In order to make the bogus insurance claims, the perpetrators often change medical records of patients and enter false diagnoses in order to claim for expensive treatments. Those changes become part of the victim’s permanent health records until the fraud is discovered by their insurance company. It may also result in legitimate insurance claims being denied.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.