We Get Mail

So yesterday’s mail finally brought a letter from BlueCross BlueShield of Tennessee. It reads:

On Monday, October 5, 2009 at 10:00 a.m., BlueCross BlueShield of Tennessee, Inc. employees discovered a theft of computer equipment at a network closet located in our Eastgate Town Center office location in Chattanooga, TN. The theft occurred Friday, October 2, 2009 at approximately 6:13 p.m. BlueCross BlueShield of Tennessee has established that the items taken include 57 hard drives, containing data which was encoded but not encrypted.

I wrote about this data theft waaaay back on November 25. The letter we received yesterday was dated December 24.

The theft occurred October 2. That’s two and a half months between when the theft occurred and when we were notified. And I’ve known about it for a month.

You know, when computers were stolen from the Davidson County Election Commission, we knew about it right away. Guess the private world doesn’t work that way.

Moving on:

The hard drives contained encoded audio and video recordings of member and provider eligibility and coordination of benefits calls to BlueCross BlueShield of Tennessee’s Eastgate call center. As a current or former member, BlueCross BlueShield of Tennessee has identified that some of your information was stored on the hard drives and potentially could be accessed. The information potentially at risk includes your name, address, member ID, diagnosis code, Social Security number and/or date of birth.

Well that’s just lovely. Thanks for waiting two and a half months to let me know.

This is the second data breach for BlueCross/Blue Shield this year, it appears. Also in October, a laptop containing sensitive physician information was stolen:

This is the second reported insurance company data breach this year involving thousands of physicians. The other came to light in October when BlueCross BlueShield-affiliated plans across the country began notifying physicians that a laptop belonging to an employee of the Chicago-based BlueCross BlueShield Assn. was stolen in August.

An unencrypted file containing identifying information for every Blues-contracted physician in the country — about 850,000 physicians in total — was saved on the laptop. So far there’s been no evidence the data have been misused, but state regulators have been critical of the Blues for allowing the breach to happen and for taking months to report it.

Taking months to report it, huh? Where have we heard that before?

So, we’re being offered Kroll’s “ID TheftSmart™” program to monitor us for identity theft for one year. Kroll is one of those major business intelligence/security firms that always scare the crap out of me, sort of like a privatized NSA. I think I’d rather stay off their radar, thank you. And I always get suspicious when one giant corporation that knows too much about me wants to sign me up with another giant corporation that knows too much about me. Something doesn’t smell right here.

Anyway, I’ve seen local news reports on this BlueCross BlueShield hard drive theft, but I haven’t seen anything in the national news about it, which I find puzzling. Has there been some kind of news blackout? After all, it’s affected tens of thousands of customers all around the country.

Seems to me this kind of stuff is happening with increasing frequency. HealthNet lost a drive with information on its members and physicians, and waited a full six months to tell anyone.

That just isn’t right. If we’re forced to do business with you people, as a government mandate, then there needs to be some kind of penalty when you folks twiddle your thumbs while customers’ Social Security numbers and other private information is out there loose in the world, waiting for anyone to snap up. I don’t think they take our privacy very seriously, and I think waiting six months or even two months to notify customers shows you were more concerned about covering your own asses than your customers’ protection. Also, I don’t think one year’s worth of “identity theft protection” is going to make anyone feel better. What happens in two years? Three?

Anyway, just a thought. The media coverage of this has been a big fail (no surprise there) and I get the sneaking suspicion that BlueCross BlueShield is hoping no one will really notice.

22 responses to “We Get Mail”

  1. "If we're forced to do business with you people, as a government mandate, then there needs to be some kind of penalty when you folks twiddle your thumbs while customers' Social Security numbers and other private information is out there loose in the world, waiting for anyone to snap up. I don't think they take our privacy very seriously, and I think waiting six months or even two months to notify customers shows you were more concerned about covering your own asses than your customers' protection."

     One huge reason why I'm against government mandates and monopolies. You know no serious heads will roll for this, they just have to clean up whatever mess they make to whatever the general public deems adequate.

     If they (or somebody else) becomes the only game in town, and even worse, part of the government where they can jail or shoot you for non-compliance…you know the "oversight" will get even worse.

     Hell just look at ANY public works projects. I don't want the same corrupt fat-cats in charge of my body as well.

  2. If they (or somebody else) becomes the only game in town, and even worse, part of the government where they can jail or shoot you for non-compliance.

     That strikes me as highly unlikely. I do not fear the U.S. government. I *DO* fear America's corporate overlords, who operate in complete darkness.

     A private company is more likely to harass and torment a private citizen than the American government, and they can do it under the cloak of private enterprise. With the government everything has to be out in the open and if I don't like what I see I can vote the bastards out of office (at least until we privatize our elections through ES&S, which now controls 50% of all voting machines in the U.S. since it merged with Diebold's voting machine unit.)

  3. As a Gun owner I assure you the government is FAR better at harassing than any company ever could be, as if one company oversteps its bounds, it loses customer base.

     Hell it's not just gunnies who get fucked with, man you just did a lengthy post about the stupidity of air travel.

     Most travel can be found government harassment. Ever get nailed in a local speed trap?

     Ever gotten a tax audit?

     Yeah sorry, I've had some companies pull some shit with me, but never have I not been able to call up a representative and told them to fuck off, and taken my business elsewhere.

     With government, they don't call it business, they call it "The Law".

  4. Ooops make that 80% of all U.S. election machines not 50%.

  5. WB, Monsanto has fucked with farmers far worse than the Dept. of Agriculture ever did. Take your health insurance business elsewhere? Good luck with that, they have carved up the states to give themselves a monopoly. And now we're not just privatizing our elections but our U.S. military. The "law" they sent down to New Orleans after Hurricane Katrina wasn't just the National Guard it was Blackwater. Good luck taking them on.

     KBR allowed one of its female contractors to be gang raped and held without food or water in a container ship while they tried to figure out what to do with her. It took years and a lawsuit for her to get justice.

     A TN police officer was killed due to Corrections Corp. of America negligence; they let a prisoner escape and never notified local law enforcement that a dangerous criminal was on the loose. Unsuspecting officer pulls over a car for speeding and gets blown away. His family is now suing.

     And what snake oil are the corporations selling us now? "Tort reform."

  6. WB said.. "Hell just look at ANY public works projects"

     Like uh… the interstate highway system? Columbia River Project? Hoover Dam? TVA? If you drive and/or drink water, it's hard to bitch about public works projects. Notice NONE of these public works projects are from the Nixon Administration on. Just a coincidence that government fell apart after Tricky Dick came on the scene. Post-Eisenhowerian Goopers (!) have an in-bred aversion to doing anything in the public good. Better to let the dead hand of the free market smother the lesser beings who might need fresh water, clean air, or roads without potholes. They're Hellbound anyway. As for Blue Cross & identity security… if they cared about it, it would have been dealt with. Obviously they don't give a shit.. probably because they'll just write off the losses and at the same time jack up their rates a half percent just to cover their bonuses. And if people suffer identity loss and they're agitated about it… well, in the words of the Prophet of Our Times… "Who cares what you think" (Bush II)

     Proud Socialist

  7. There has to be a distinction between right wing run government and government for the people. Right wingers want to privatize and then tell you that you have to use these companies or else. Right wingers want to set up businesses that have control of all our needs and then tell us that government is bad and capitalism is good, but they don't tell you that it is their form of capitalism where there really is no competition or free choice and if you don't like it move. I just love it when these people respond with the old; "if you don't like it here move somewhere else". I just want to let them know who built this country…. It sure wasn't wall street or politicians lining the pockets of big business and it wasn't corporate fat cat overlords. Why do we put up with them?

  8. I got that same letter!! I was mad as hell too. I called because I wanted to know how exactly that over 50 hard drives get stolen. It was in their training facility they said. What a bunch of BS if you ask me! When I asked why it took them 2 months, they said I was one of the first notified and that there would probably be letters going out into January! Unbelievable. Here's the fun part, they only sent the letter in my husband's name, thus only he would get the credit watch. So, I asked about my kids and myself, they believe we are safe, yeah right!

  9. they only sent the letter in my husband's name,…

     OMG us too, I didn't think about that. Guess I'm screwed …

  10. We are all screwed because their wonderful protection is only good for 1 year! All the thieves have to do is wait 14 months to use all their new found information. UGH!

  11. We desperately need to get away from a system where mere knowledge of someone's SSN is enough to commit fraud. At minimum, there should be something extra that is only used to establish credit and similar, not to merely verify identity. I've had a minor issue along these lines–evidence indicates that someone other than me from the same town where my convicted felon ex wife lives has used my identity.

  12. The first reaction for most of us is our credit being messed up. But I have to wonder, if they could not blackmail some people with their medical information? One more thing for some people to consider.

  13. Now we're getting to that "let's put all your info in a computer chip" thing, and that chip being implanted in your forehead, and it being the Sign Of The Beast.

  14. That strikes me as highly unlikely. I do not fear the U.S. government. I *DO* fear America's corporate overlords, who operate in complete darkness.

      That's a misplaced fear. The government has far more power to royally fuck up your life than any corporate entity does.

      In fact, if a corporation does come after you they're going to use the coercive power of the government to their advantage.

      A corporation cannot tax you, they cannot take your property under "eminent domain" they cannot jail you, cannot threaten you with further government regulation, and they will not send armed agents to your home to force compliance with their wishes.

  15. Southern Beale:

      Don't be the last one to sign the Loyalty Oath. You don't want to be getting hauled away by the droids in the black helicopters when they come for the, uh, other people.

      Having dealt with both the feds (IRS) and private lenders I gotta say that the private lenders make the IRS look all warm and fuzzy. And the rates that can be charged by Discover and the other plastic bankers would make a mafia don green with envy. All we need do to see the consequences of government run healthcare systems is look to Canada where they have been confiscating firearms and sending "undesirables" to the gulags of the Yukon for the last 50 or so years–all because they have a national healthcare database.

  16. Gotta laugh at Democommie yet again. Where exactly are people making claims that Universal Healthcare is going to result in confiscation of firearms?

      It's quite sad that you can't see the fundamental difference between a private lender who issued you a credit card and the IRS.

  17. mike w.:

      "Where exactly are people making claims that Universal Healthcare is going to result in confiscation of firearms?"

      Oh, poor mike w., he does not recognize hyperbole and sarcasm when he reads them.

      Of course, on this thread, from Weer'd Beard:

      "As a Gun owner I assure you the government is FAR better at harassing than any company ever could be, as if one company oversteps its bounds, it loses customer base."

      And both of you as well as numerous of your fellow gunnerz use the "slippery slope" agreement at the mention of any sort of firearms regulation.

      Apparently Weer'd Beard is unaware of the system of elections which are held at all levels of government in the U.S., during which period, disgruntled citizens can not only stop "doing business" with someone that pisses them off–they can fire them.

  18. That should have been "slippery slope" argument.

  19. Demo – When you make the kind of inane arguments and ridiculous claims that I've come to expect from you it's hard to tell whether what you've written is a joke/sarcasm or something unbelievably ignorant / stupid.

      I mean if someone claimed that CA had "relatively lax gun laws" most normal people would conclude that they were joking around, yet you said it as a serious statement.

  20. You may rest assured I'm not joking. You have really been clinging to that CA "lax gun laws" thing like a life preserver, does it in some way comfort you? As I told you elsewhere, if you want to have an argument on the merits of your dogmatic positions, take it up with the people at the Brady Center. Like you they are incredibly narrow in their focus. Like you they have oodles of facts and statistics to support their positions. Like you, they are more than a bit self-righteous.

  21. I just got a letter from Lincoln Financial Advisors saying that their information systems had been breached and my information was potentially vulnerable. They also offered Kroll's service. I'm not sending more info to another big company either. I'm beginning to smell a rat.

  22. if you want to have an argument on the merits of your dogmatic positions, take it up with the people at the Brady Center. Like you they are incredibly narrow in their focus. Like you they have oodles of facts and statistics to support their positions. Like you, they are more than a bit self-righteous.

      Like you, they are closed minded and will not debate the issue. They used to, but got their asses handed to them. They no longer have any comments section on their blog.

      Like you, they have no substantive proof of any of their claims. Like you, they don't bring facts, since the facts are not on their side.