Blue Shield of California suffered a data breach via a third-party vendor, Sharecare, between May 21, 2018, and June 26, 2018. The incident exposed sensitive personal information, including names, addresses, and medical record numbers of an unspecified number of individuals. The breach triggered an immediate response, with the company engaging a forensic investigation firm to assess the scope and notifying the FBI for further action. While the exact number of affected individuals remains undisclosed, the compromised data poses significant risks, particularly given the sensitivity of medical records. The breach underscores vulnerabilities in third-party vendor security and the potential for large-scale exposure of protected health information (PHI). No ransomware was reported in this incident, but the leak of personal and medical data aligns with severe privacy and regulatory concerns, including potential HIPAA violations.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-144778
TPRM report: https://www.rankiteo.com/company/blue-shield-of-california
"id": "blu020090625",
"linkid": "blue-shield-of-california",
"type": "Breach",
"date": "5/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Blue Shield of California',
'type': 'Healthcare Provider'},
{'customers_affected': 'Unknown',
'industry': 'Healthcare Technology',
'name': 'Sharecare',
'type': 'Third-Party Vendor'}],
'data_breach': {'data_exfiltration': 'Potential',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Addresses',
'Medical Record '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Protected Health Information '
'(PHI)']},
'description': 'The California Office of the Attorney General reported that '
'Blue Shield of California experienced a data breach involving '
'Sharecare, which took place between May 21, 2018, and June '
'26, 2018. The breach potentially affected personal '
'information including names, addresses, and medical record '
'numbers of an unknown number of individuals.',
'impact': {'data_compromised': ['names',
'addresses',
'medical record numbers'],
'identity_theft_risk': 'Potential'},
'investigation_status': 'Forensic investigation initiated (2018)',
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'incident_response_plan_activated': True,
'law_enforcement_notified': ['FBI'],
'third_party_assistance': ['Forensic firm (unspecified)']},
'title': 'Blue Shield of California Data Breach via Sharecare (2018)',
'type': 'Data Breach'}