Private information on over 18,000 California doctors was accidentally made public through a series of mistakes by Blue Shield and the state regulator that oversees them.
In a letter explaining the breach, the Department of Managed Health Care wrote,” On May 16, 2014, the DMHC discovered that Blue Shield of California had inadvertently included provider Social Security numbers (SSNs) in the rosters Blue Shield provided to the DMHC in February, March, and April, 2013.” The letter adds, “In addition to the SSNs, the rosters included providers’ names, business addresses, business telephone numbers, medical groups, and practice areas.”
DMHC investigated and found that the files including the private data had been distributed in response to 10 requests for the now-public data. According to a report by Becker’s Hospital CIO, those copies were distributed to “other insurance companies, the companies’ attorneys, and two members of the media.” The agency has since requested that those who received the copies destroy them.
In addition, DMHC claims to have put in place: “additional protections to safeguard against future inadvertent disclosure of confidential personal information.” Blue Shield is also said to have revised its procedures to prevent a repeat incident.
There is no evidence that any of the data has been misused thus far, but to make up for the error, Blue Shield offered everyone impacted a one year membership in a fraud alert protection system. DMHC also recommended that doctors place a fraud alert on their credit files.