Independence Blue Cross in Philadelphia has notified 17,000 of its plan members that their protected health information (PHI) may have been compromised as a result of a file containing their PHI being uploaded to a public-facing website.
The Independence Blue Cross privacy office became aware of a data breach on July 19. A leading forensics firm was contracted to investigate the breach and find out if the PHI of plan members had been accessed. The investigation revealed that on April 23, 2018, an Independence Blue Cross employee had uploaded a file containing the PHI of plan members to a website that could be accessed by the public . The file remained accessible until July 20.
The file included limited data on plan members and did include any financial information or Social Security numbers, only names, birth dates, diagnosis codes, healthcare provider details, and information utilized for processing claims.
Despite a thorough investigation, it’s was not possible to confirm if any unauthorized individuals viewed the file while it was available online. Thus far, no one has reported any misuse of PHI.
The health insurance provider stated that the data breach impacted approximately 17,000 people or less than 1% of plan members of Independence Blue Cross and its subsidiaries — AmeriHealth HMO and AmeriHealth Insurance Co. of New Jersey. These plan members have now been notified about the breach and have been offered two-years of free triple-bureau credit monitoring and identity theft protection services.
Independence Blue Cross has also taken extra protective measures to prevent similar breaches from happening again. Appropriate disciplinary action has also been taken against the employee responsible for uploading the file.