Employee data loading mistake causes a breach at Philly’s Blues plan

Register now

Independence Blue Cross, serving the greater Philadelphia region, is offering about 17,000 members two years of identity protection services after an employee uploaded a file containing protected health information to a public-facing website.

The information was accessible on the website from April 23 of 2018 until July 20.

“After a thorough investigation, we are unable to determine if protected health information was accessed, and are unaware of any actual or attempted misuse of this information,” the Blues plan explained in a notice.

The most sensitive patient data, comprising Social Security numbers, financial information and credit information, were not affected by the breach.

Potentially compromised data included member name, date of birth, diagnosis codes, provider information, and information used for claims processing such as claim numbers, referral numbers and service dates.

Also See: Hacker accesses email accounts, PHI at retirement communities

Upon learning of the breach, the insurer permanently removed the file from the web site, reviewed company policies and procedures and added additional technical controls to prevent reoccurance of such an incident. “We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file,” the insurer noted.

Independence Blue Cross also provided affected individuals information on protecting themselves against identity theft or financial loss, and encouraged placing fraud alerts with the major credit bureaus.

For reprint and licensing requests for this article, click here.