The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last fall has put at risk the private information of approximately 521,761 customers in at least 32 states, the insurer said this week in an investigative update.
Of those customers identified as being at risk, 220,133 have received notices that their personal information was included on the stolen hard drives, BCBS of Tennessee said in a media release.
The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009. The files contained customers' personal data and protected health information that was encoded but not encrypted.
The 220,133 members notified are in the so-called Tier 3 category, confirmed as having their name, address, BlueCross member ID number, diagnosis, Social Security number, and/or date of birth included in the stolen hard drives. Notifications have been sent to all identified Tier 3 members.
Additionally, 301,628 current and former members have been identified in the Tier 2 category. Members in the Tier 2 category of personal information (name, address, BlueCross member ID number, date of birth, and/or diagnosis) will begin to receive their notifications with details of the hard drive theft and remediation services offered to them in mid-February, the insurer said.