800k victims after unencrypted health insurance data stolen

By

US firm lost laptops.

Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) began sending notification letters to more than 800,000 members on Dec. 6, alerting them that their personal information may have been compromised after two unencrypted laptops were stolen from the insurance provider's Newark headquarters about one month prior.

800k victims after unencrypted health insurance data stolen

The laptops were unencrypted, but were password-protected. The stolen computers contained sensitive information on roughly 840,000 members, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.

“Our top priority at the moment is making sure our members are protected,” Thomas Vincz, a Horizon BCBSNJ spokesperson, told SCMagazine.com on Monday. “We are in the process of notifying our members, who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members' whose Social Security numbers were involved.”

Officials with Horizon BCBSNJ were alerted on Nov. 4 that the two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail on Dec. 6, following an initial investigation with the Newark Police Department.

Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.

The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.

“Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers,” Vincz said. “Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information.”

Horizon BCBSNJ notified 300,000 of its members in early 2008 that their information may have been compromised after one of its unencrypted, yet password-protected, laptops was stolen in Newark. In that incident officials said the data was programmed to be deleted, thus limiting the exposure of sensitive member information.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?