23andMe data breach

Blue Cross and Blue Shield of Illinois Discloses Data Breach

If you are a member of Blue Cross and Blue Shield of Illinois, you may have received a letter informing you that your personal and health information was compromised in a data breach in late June 2023. The breach also exposed the personal health information of some members enrolled in Medicare Advantage plans.

The data breach happened when an unauthorized party accessed the private health information of Blue Cross and Blue Shield members through a vendor of TMG Health. This company used the compromised MoveIt health application while providing administrative services to Medicare enrollees of HCSC Insurance Services Company, which contracts with the Centers for Medicare and Medicaid Services.

Blue Cross and Blue Shield of Illinois said the compromised member information potentially includes:

  • Social Security numbers
  • Bank account numbers
  • Names and addresses
  • Email addresses
  • Phone numbers
  • Dates of birth
  • Health insurance information, including medical claims numbers or medical service information.

The insurance agency recently sent letters to past and current members whose protected health information may have been impacted by the incident.to inform them of the incident.

Members are advised to monitor their credit reports, bank statements, and health insurance statements for suspicious activity.

Blue Cross and Blue Shield of Illinois said, “TMG is working closely with the vendor to ensure systems are updated to block these activities and prevent disclosures of this nature from occurring in the future,” and that law enforcement has been notified about the incident. “BCBSIL takes the confidentiality of its members’ data very seriously,” a spokeswoman for the health agency said in a statement. “If you see any service that you did not receive, please call us at the number found on the statement or on the back of your member identification (ID) card. If you do not receive or access EOBs, contact your provider or plan and request that they send you a statement following the provision of any services under your name and ID number.”

The agency also said, “To protect you from potential identity theft, we are offering you one year of complimentary Personal Identity and Privacy Protection through a national leader in data breach response services, IDX, a ZeroFox Company, the data breach and recovery services expert. IDX identity protection services include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.”

Data breaches are becoming more common and costly for businesses and consumers alike. According to a report by IBM Security, the average data breach cost in 2022 was $4.24 million, the highest in 17 years. Data breaches can have long-term consequences for the victims, such as identity theft, fraud, and emotional distress. If you are concerned about your online privacy and security, here are some tips to help you protect yourself:

  • Use strong and unique passwords for your online accounts and change them regularly.
  • Enable two-factor authentication whenever possible to add an extra layer of security to your login process.
  • Be wary of phishing emails and texts asking you to click links or provide personal information. Verify the sender’s identity and contact them directly if you are unsure.
  • Avoid using public Wi-Fi networks or devices to access sensitive information or perform financial transactions. Use a VPN to encrypt your online traffic and hide your IP address.
  • Review your privacy settings on social media platforms and limit the personal information you share online.
  • Check your credit reports annually for free at www.annualcreditreport.com and report any errors or fraudulent accounts.
  • Freeze your credit files with the three major credit bureaus (Equifax, Experian, and TransUnion) to prevent unauthorized access to your credit history.
  • If you suspect your identity has been stolen or compromised, report it to the Federal Trade Commission (FTC) at www.identitytheft.gov and follow the steps to recover it.

Related Data Breaches

Blue Cross and Blue Shield also sent out data breach notices to members in California and Nevada.