
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Website Error Exposes PHI of Blue Shield of California Members

A website programming glitch has caused a data breach that exposed the confidential records of 843 members of Blue Shield of California (BSoC).

The unintentional coding error resulted in authorized users being shown information belonging to other individuals via the health plan’s secure administrator website. The data was displayed when two users logged into the system at the exact same time, with the other user’s records being displayed on screen. The glitch lasted 9 days, with data first compromised on May 9, 2015.

The data breach only affects the website used by administrators and brokers of BSoC’s group health benefit plan. The breach occurred after an update was made to the code on the site. That error was not replicated on the public Blue Cross website.

Blue Shield of California was informed of the data breach on May 18 following a call to its Privacy Office. The website was immediately taken offline to prevent any further exposure of confidential records and to give BSoC time to investigate the problem. The error was identified and the website was recoded within 24 hours. Additional code was put on the site to help the health plan identify this type of error rapidly, should a similar coding error be made in the future.


In accordance with the HIPAA Breach Notification Rule, BSoC has now started informing all affected individuals by mail. A breach notice has also been issued to California’s Department Of Justice’s Office for the Attorney General.

The information exposed included first and last names, home addresses, dates of birth and Blue Shield ID numbers. Some individuals’ Social Security numbers were also compromised.

BSoC is offering all affected individuals a year of credit monitoring and identity theft protection services. Daily credit reports will be provided to rapidly identify any instances of credit or identity fraud to allow prompt action to be taken to prevent any financial loss.

The provision of identity theft and credit monitoring services is offered as a precaution. BSoC has no reason to believe that any of the information exposed in the incident has been used inappropriately.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
