Independence Blue Cross and its subsidiaries AmeriHealth HMO & AmeriHealth Insurance Co. of New Jersey alerted its members of a recent potential privacy issue incident related to protected health information.
Independence Blue Cross was notified that certain member information may have been accessible for unauthorized viewing.
The company said less than 1 percent of Independence and AmeriHealth members were impacted by this incident.
They launched an investigation which determined that an Independence employee uploaded a file containing limited member information to a public-facing website that was publicly accessible.
After thorough investigation, Independence is unable to determine if protected health information was accessed, and is unaware of any actual or attempted misuse of this information.
They will be offering access to 24 months of free triple-bureau credit monitoring and identity protection services.
Compromised information included members' names, dates of birth, diagnosis codes, provider information and other information used for claim processing purposes.
The data did not involve any social security numbers, financial information or credit information.
TPRM report: https://scoringcyber.rankiteo.com/company/independence-blue-cross
"id": "ind126301022",
"linkid": "independence-blue-cross",
"type": "Data Leak",
"date": "09/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Less than 1 percent of '
'Independence and AmeriHealth '
'members',
'industry': 'Healthcare',
'location': 'New Jersey',
'name': 'Independence Blue Cross',
'type': 'Health Insurance Company'}],
'attack_vector': 'Employee Error',
'customer_advisories': 'Offering 24 months of free triple-bureau credit '
'monitoring and identity protection services',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Health Information']},
'description': 'Independence Blue Cross and its subsidiaries AmeriHealth HMO '
'& AmeriHealth Insurance Co. of New Jersey alerted its members '
'of a recent potential privacy issue incident related to '
'protected health information.',
'impact': {'data_compromised': ["Members' names",
'Dates of birth',
'Diagnosis codes',
'Provider information',
'Other information used for claim processing '
'purposes']},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Employee uploaded a file '
'containing limited member '
'information to a public-facing '
'website'},
'title': 'Independence Blue Cross Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Public-facing website'}