In October 2009, 57 hard drives containing video and audio files related to coordination of care and eligibility telephone calls from providers and members were stolen from a leased facility in Chattanooga, Tenn. that formerly housed a BlueCross BlueShield call center. The video files were images from computer screens of BlueCross BlueShield customer service representatives and the audio files were recorded phone conversations from January 1, 2007, to October 2, 2009.
Almost immediately, BlueCross BlueShield of Tennessee began communicating to brokers and employers and has provided periodic updates as more information becomes available. Additionally, BlueCross BlueShield of Tennessee has been diligently reviewing and analyzing the backup files of the stolen hard drives.
As of February 5, 2010, a total 521,761 current and former members have been identified and 220,133 notifications have been sent to members indicating that their personal information was included on the stolen hard drives. The 220,133 members notified are in the Tier 3 category, meaning that name, address, BlueCross member ID number, diagnosis, Social Security number and/or date of birth was included in the stolen hard drives. Additionally, 301,628 current and former members are in the Tier 2 category. Members in the Tier 2 category (name, address, BlueCross member ID number, date of birth and/or diagnosis) began to receive their notifications and details about remediation services in mid-February.
The cost to date for this data breach is over $7 million.
