On September 5, 2023, Blue Cross and Blue Shield of Illinois (BCBSIL) informed its members with self-funded employer group health plans about a data incident that may have compromised their protected health information (PHI). This announcement followed an internal investigation revealing that sensitive data could have inadvertently been disclosed to unauthorized individuals between September 19, 2022, and May 18, 2023.
"We became aware that your PHI may have been inadvertently disclosed to an unauthorized party during a call handled by our vendor, TTEC, as part of customer service operations," stated a representative from BCBSIL. The investigation pinpointed the disclosure to instances where TTEC employees delegated their calls to non-TTEC individuals.
"We became aware that your PHI may have been inadvertently disclosed to an unauthorized party during a call handled by our vendor, TTEC, as part of customer service operations,"
The review did not uncover any evidence suggesting that the disclosed information was exploited beyond the scope of work for BCBSIL. However, the risk posed to members' sensitive data was significant. The information potentially involved includes names, dates of birth, addresses, phone numbers, Social Security numbers, and medical service information.
Looking Ahead
In light of this concerning incident, BCBSIL took swift action. TTEC has since terminated the employees responsible for the breach. "We are committed to enhancing our hiring protocols, employee monitoring, and security measures to prevent such occurrences in the future," added the spokesperson from BCBSIL.
"We are committed to enhancing our hiring protocols, employee monitoring, and security measures to prevent such occurrences in the future,"
To mitigate any possible damage from this incident, the provider is offering its members free identity theft protection services through IDX, a subsidiary of ZeroFox. "Through IDX, we are providing 12 months of credit monitoring, 24 months of CyberScan monitoring, and a $1 million insurance policy to help members navigate these challenges," emphasized the BCBSIL representative.
"Through IDX, we are providing 12 months of credit monitoring, 24 months of CyberScan monitoring, and a $1 million insurance policy to help members navigate these challenges,"
Impact and Legacy
The identity protection program is designed to help those affected resolve any issues stemming from potential identity compromise, without any cost impacting their credit score. Instructions for enrollment are included in the letters sent to members. Members can either scan the QR code provided or visit the IDX website to sign up using their enrollment code. Alternatively, members can contact IDX directly at 1-800-939-4170, but must do so before the enrollment deadline of November 24, 2023.
While BCBSIL has stated there is no current evidence of data misuse, they encourage members to be proactive. "We recommend closely reviewing explanation of benefits statements and promptly reporting any discrepancies to us," the representative advised. Members are encouraged to remain vigilant, particularly when reviewing their account statements and checking their credit reports for any signs of unauthorized activity.
"We recommend closely reviewing explanation of benefits statements and promptly reporting any discrepancies to us,"
As a precaution, individuals can obtain a free copy of their credit report from the three major credit reporting agencies every year, ensuring they maintain awareness of their financial health. BCBSIL provided comprehensive resources, including contact details for Equifax, Experian, and TransUnion, to facilitate this process.
If members suspect their information has been misused, BCBSIL urges them to reach out immediately to either the Federal Trade Commission or their state Attorney General’s office for guidance on additional steps.
This incident raises important questions about data privacy and security practices among businesses handling sensitive information. Moving forward, BCBSIL will likely emphasize its protocols and commitment to protecting its members’ data as a crucial part of its operations and customer service strategy. The ongoing challenges in the cybersecurity landscape continue to affect various sectors, underscoring the need for vigilance and robust protective measures.
As BCBSIL enhances its security measures, members can rest assured that efforts are underway to mitigate further risks and safeguard the integrity of their health information.