Blue Shield of California Notifies 63,341 Customers of Third-Party Data Breach

Console and Associates, P.C.
Contact

On March 27, 2023, Blue Shield of California filed a notice of data breach with the Attorney General of Maine after learning that one of the company’s vendors, Fortra, was the target of a cyberattack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, dates of birth, genders, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, and other protected health information. After confirming that consumer data was leaked, Blue Shield began sending out data breach notification letters to all 63,341 individuals who were impacted by the recent data security incident.

If you received a data breach notification from Blue Shield of California or Fortra, the company that was targeted in the recent cyberattack, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, healthcare and insurance companies possess an incredible amount of sensitive information that hackers can use to steal your identity or even obtain medical care in your name. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Blue Shield data breach, please see our recent piece on the topic here.

What We Know So Far About the Blue Shield of California Breach

The available information regarding the Blue Shield of California breach comes from the company’s filing with the Attorney General of Maine. According to this source, on February 5, 2023, Blue Shield was informed by a provider, Brightline Medical Associates, that one of its subcontractors, Fortra, LLC, experienced a cyberattack between January 28, 2023 and January 31, 2023. In response, Fortra launched an investigation into the incident, determining that an unauthorized individual gained access to Fortra’s GoAnywhere Managed File Transfer-as-a-service. It was also confirmed that the unauthorized party downloaded files that Brightline Medical Associates had stored on the GoAnywhere platform. Based on the information provided by Fortra, Blue Shield believed that an unauthorized party was able to access and potentially steal patient information.

Upon discovering that sensitive patient data was made available to an unauthorized party, Blue Shield of California began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth, gender, Blue Shield subscriber ID number, phone number, e-mail address, and other protected health information.

On March 27, 2023, Blue Shield of California sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Maine Attorney General reports that there were 63,341 individuals impacted by the Blue Shield / Fortra data breach.

More Information About Blue Shield of California

Founded in 1939, California Physicians’ Service DBA Blue Shield of California is a health insurance provider based in Oakland, California. Blue Shield provides individual, employer-sponsored, Medicare and “Covered California” plans. Blue Shield of California is an independent member of the Blue Shield Association. Blue Shield of California employs more than 7,250 people and generates approximately $17 billion in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide