Healthcare Data of 840,000 at Risk After Laptop Theft

Thieves stole two laptops that may contain the unprotected personal data of around 840,000 customers from Horizon Blue Cross Blue Shield after breaking into the company’s Newark, N.J. headquarters on Nov. 1. One month later, the company began sending letters to its subscribers notifying them of the breach. Horizon issued a statement on Dec. 6 saying the stolen laptops were password protected, but the internal data was not encrypted. Due to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible. We have no reason to believe that the laptops were stolen for the information they contained or that the information has been accessed or used in any way.

The two stolen laptops, which reportedly were MacBook Pros, were cable-locked to the employees’ workstations, but the thieves somehow broke the locks.

The company believes the laptops could have contained the personal information, including names, dates of birth, “limited clinical information” and social security numbers, according to The Star-Ledger. Company employers discovered the theft on Nov. 4 and immediately notified the police. There have been no arrests, and the thieves have not been identified. Thomas Vincz, a Horizon spokesperson, told SC Magazine that the company will provide free credit monitoring and identity theft protection to the affected subscribers. In a letter sent to a subscriber, who then shared it with Mashable, the company offers a one-year membership to Experian ProtectMyID Alert, an identity theft alert service, which normally costs $15.95 per month. There are multiple potential dangers for the victims if the thieves were to get their hands on the subscribers’ medical records, experts warn.

“Medical data is rife with clues which reveal other details about one’s personal life such as eating, fitness and lifestyle habits and perhaps some genetic resident diseases,” Carl Herberger, vice president of Security Solutions at Radware wrote in a blog post. “This provides a somewhat unique attribute for those who are interested in causing directed harm against a fellow person.” The thieves, Herberger explained, could impersonate the victims and access their medical insurance payments, sell their information or directly blackmail them — a technique that could particularly be effective against celebrities or people in a public positions, such as judges or high-ranking officials.

 

http://mashable.com/2013/12/19/horizon-blue-cross-blue-shield-laptop-theft/

Pin It