Blue Shield of California is sending out notification letters to 843 of its members advising them that as a result of a computer code update it made to its website, when three authorized administrators logged into their own accounts, they were able to view another authorized user’s information who logged into the user’s own account at exactly the same time. The affected site was Blue Shield of California’s secure health administrator website, which is used by group health benefit plan administrators and brokers to manage plan members’ information. The website was taken down.
The information exposed included members’ names, addresses, Social Security numbers, Blue Shield identification numbers, and dates of birth. The incident was caused by “human error” of Blue Shield personnel. Blue Shield is offering credit monitoring to the affected individuals.
This incident is a reminder that although we are hearing about cyber-hacking incidents, your own employees are still a large risk for any organization.