An estimated 500,000 BlueCross BlueShield members may be at risk for identify theft following an October data security breach at a Chattanooga, Tenn., office. While most of the at-risk members reside in Tennessee, BlueCross has identified 32 states with 500 or more members whose data may be at risk as of Jan. 8.

On Oct. 2, 2009, 57 hard drives containing an estimated 1.3 million audio and 300,000 video files related to the coordination of care and eligibility telephone calls from providers and members were stolen from BlueCross BlueShield Tennessee’s former Eastgate Town Center office location in Chattanooga. According to the payor, the video files were images from computer screens of BlueCross customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009.

This encoded--but not encrypted--data included member names and identification numbers and, on some but not all recordings, a diagnosis/diagnosis code, date of birth and/or a Social Security number.

According to the health insurance company, BlueCross immediately investigated the breach and strengthened the existing security measures at the Eastgate Town Center while obtaining an independent assessment of system-wide data and facility security. BlueCross has notified the secretary of the Department of Health and Human Services and the State of Tennessee regarding this theft.

The back-up data of the stolen hard drives were restored and an inventory of all data included on the drives is being conducted by BlueCross and data security company Kroll, stated BlueCross.

As of Jan. 13, there is no evidence that any member’s data has been accessed and used as a result of the theft. BlueCross said there is minimal risk to members’ data being accessed due to the specialized nature of the hardware stolen and the difficulties associated with accessing the stored data.

Currently, BlueCross is in the process of sending rolling written notifications to members as soon as they are identified as being affected by the data theft. BlueCross is offering free credit monitoring services and identity theft restoration for any members whose Social Security number is identified at risk.

As of Dec. 7, 2009, 157,482 out of the 220,000 at-risk identified members as of Oct. 8, 2009 have been notified.

Updated information related to the Eastgate investigation will be posted to the BlueCross Web site as the investigation develops.