• Home
  • Breach
  • Blue Cross Blue Shield of Montana (BCBSMT)
Breach cyber

Blue Cross Blue Shield of Montana (BCBSMT)

Oct 23, 2025 2 min read
Blue Cross Blue Shield of Montana (BCBSMT)

Blue Cross Blue Shield of Montana (BCBSMT), the largest health insurer in Montana, experienced a **cybersecurity incident** where an **unauthorized user accessed membership data**, compromising the **personally identifiable information (PII) of 462,000 individuals**. The exposed data included **names, addresses, dates of birth, telephone/fax numbers, email addresses, medical record numbers, health plan beneficiary numbers, account numbers, billing information, and service dates**. The breach exposed **sensitive medical and financial details**, raising concerns over identity theft, fraud, and misuse of health records. A **national class-action law firm (Lynch Carpenter, LLP)** is investigating potential claims for compensation, indicating significant legal and reputational repercussions. The incident highlights vulnerabilities in **healthcare data security**, with long-term risks for affected individuals, including financial fraud and privacy violations.

Source: https://www.globenewswire.com/news-release/2025/10/23/3172360/0/en/Blue-Cross-Blue-Shield-of-Montana-Data-Breach-Claims-Being-Investigated-by-Lynch-Carpenter.html

TPRM report: https://www.rankiteo.com/company/hcsc

"id": "hcs0692206102325",
"linkid": "hcsc",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '462,000 individuals',
                        'industry': 'Healthcare',
                        'location': 'Montana, USA',
                        'name': 'Blue Cross Blue Shield of Montana (BCBSMT)',
                        'size': 'Large (largest health insurer in Montana)',
                        'type': 'Health Insurer'}],
 'customer_advisories': 'Data breach notifications sent to affected '
                        'individuals; legal review form provided for potential '
                        'compensation claims (https://www.lynchcarpenter.com)',
 'data_breach': {'data_exfiltration': 'Yes (records were obtained by '
                                      'unauthorized user)',
                 'number_of_records_exposed': '462,000',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'dates of birth',
                                                         'telephone numbers',
                                                         'fax numbers',
                                                         'email addresses',
                                                         'medical record '
                                                         'numbers',
                                                         'health plan '
                                                         'beneficiary numbers',
                                                         'account numbers'],
                 'sensitivity_of_data': 'High (includes medical, financial, '
                                        'and personal identifiers)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_publicly_disclosed': '2025-10-23',
 'description': 'An unauthorized user gained access to membership data of Blue '
                'Cross Blue Shield of Montana (BCBSMT), the largest health '
                'insurer in Montana. The breach impacted the personal '
                'information of 462,000 individuals, exposing personally '
                'identifiable information (PII) such as telephone numbers, fax '
                'numbers, email addresses, medical record numbers, health plan '
                'beneficiary numbers, account numbers, medical/dental service '
                'details, billing information, names, addresses, dates of '
                'birth, and service dates.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive health and '
                                       'personal data',
            'data_compromised': ['telephone numbers',
                                 'fax numbers',
                                 'email addresses',
                                 'medical record numbers',
                                 'health plan beneficiary numbers',
                                 'account numbers',
                                 'medical/dental service details',
                                 'billing information',
                                 'names',
                                 'addresses',
                                 'dates of birth',
                                 'service dates'],
            'identity_theft_risk': 'High (due to exposure of PII including '
                                   'names, addresses, dates of birth, and '
                                   'medical/financial details)',
            'legal_liabilities': 'Lynch Carpenter, LLP is investigating claims '
                                 'for potential compensation; class action '
                                 'lawsuit possible',
            'payment_information_risk': 'Moderate (account numbers and billing '
                                        'information exposed)'},
 'investigation_status': 'Ongoing (Lynch Carpenter, LLP investigating claims)',
 'references': [{'date_accessed': '2025-10-23',
                 'source': 'GLOBE NEWSWIRE Press Release'},
                {'source': 'Lynch Carpenter LLP Investigation Page',
                 'url': 'https://www.lynchcarpenter.com'}],
 'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit '
                                            '(Lynch Carpenter, LLP '
                                            'investigating claims)'},
 'response': {'communication_strategy': 'Public disclosure via press release '
                                        '(GLOBE NEWSWIRE) and data breach '
                                        'notifications sent to affected '
                                        'individuals'},
 'threat_actor': 'Unauthorized user',
 'title': 'Blue Cross Blue Shield of Montana Data Breach',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.