Blues plan offers lengthy protection services after unauthorized use

Sponsored by
Register now

Blue Cross of Idaho Health Service has had a data breach after a hacker accessed the online provider portal with the intent of fraudulently rerouting a provider financial transaction.

The incident occurred on March 21, 2019, and the Blues plan stopped the attempted fraud and secured the portal. However, on the next day, Blue Cross of Idaho determined the unauthorized user was able to access provider remittance documents that contained protected health information.

Twelve types of PHI were affected, but the most sensitive information—comprising Social Security numbers, driver’s license numbers, banking or credit card numbers and information about medical diagnoses—were not affected.

Blue Cross of Idaho is offering three years of credit monitoring and identity theft restoration services from one of the credit firms to all affected members. A third year of protective services is rare among healthcare organizations that have had a breach and offered protection. Most protective services are available for one or two years.

Blue Cross executives were not immediately available to discuss why they took the extra protections, which will result in addition costs to the organization.

The plan further is advising members to remain vigilant to the possibility of fraud and identity theft by reviewing their bank, credit card and other financial statements for any unauthorized activity, as well as contacting their bank to place an alert on their bank account or change their account number.

Also See: Researchers confirm hackers could tinker with medical images

Blue Cross of Idaho engaged cybersecurity and financial experts to review the provider portal and associated financial transactions, and determined that the attacker accessed data on about 1 percent of its membership.

The actual number of affected individuals has not yet been publicly disclosed but will be transmitted to the HHS Office for Civil Rights’ data breach web site. The FBI also is investigating the breach, which is a common procedure. Most members will receive a new insurance ID card with a new member number.

For reprint and licensing requests for this article, click here.