BlueCross and BlueShield of Tennessee, as of April 2, has now identified 998,422 current and former members as being at risk following the theft of 57 hard drives last October, the company announced in an update.

That's an increase from a mid-March figure of 521,761 members, as the plan has substantially completed forensic work to identify members at high or medium risk and now is focusing on identifying those at low risk--447,549 so far. Notification letters for these Tier 1, or low-risk members, started going out April 5.

The Blues plan has enrolled all 998,422 known affected members in an ID theft protection program. As of April 2, 238,589 Tier 3, or high-risk members, have been identified. These members' at-risk information includes name, address, date of birth and Social Security number. They have received free credit monitoring services for a year and minors have received special free identity monitoring services.

Another 312,284 Tier 2, or medium-risk members, whose information included name, address and/or date of birth, and diagnostic information, have been notified and receive the ID theft prevention services. Tier 1 members, whose information includes name, address and/or date of birth, also receive these services.

As of mid-March, the data breach had cost BlueCross and BlueShield of Tennessee $7 million. The plan's employees and vendors had spent more than 114,000 man-hours reviewing back up data and notifying affected members, primarily Tier 2 and 3 members to that point.

The plan has issued regular updates to the media since the theft occurred. With work almost finished, it will release a final report when the process is complete.

The May Cover Story of Health Data Management's print edition provides more details on BlueCross and Blue Shield of Tennessee's efforts to resolve the data breach and lessons learned.

This article can also be found at HealthDataMangement.com.