Data breach at Tennessee Blues could affect 1 million patients

A review by the insurer shows that an increasing number of plan members might face identity theft after hard drives were stolen in 2009.

By Pamela Lewis Dolan — Posted April 27, 2010

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

The number of people at risk because of a data breach at BlueCross BlueShield of Tennessee has nearly doubled, according to a statement the insurer released in early April.

The breach, first reported in November 2009, was caused by the Oct. 2 theft of 57 hard drives from an office in Chattanooga, Tenn., that had housed a call center. The hard drives contained 1.3 million audio files and 300,000 video files related to coordination of care and eligibility phone calls from physician practices, hospitals and patients. The videos contained images of computer screens used by customer service representatives. The company said the files contained personal data and protected health information that was encoded but not encrypted.

The number of plan members whose data were exposed has grown from 521,761, an estimate made in March, to nearly 1 million, as of April 2, according to a report issued by Mary Thompson, spokeswoman for the Tennessee Blues.

The company said it has continually gone through the back-up files since the breach occurred to see what data were exposed. More cases were revealed through the review process, which Thompson said was almost complete.

The company divided plan members who were impacted into three tiers: tier 1 for those at the lowest risk: tier 2 for those at medium risk because lost data included names, addresses, dates of birth and diagnostic information; and tier 3, those at the highest risk because data also included Social Security numbers. It identified 238,589 members as tier 3. The largest number, 447,549, fell under tier 1.

So far there has been no evidence of identity theft or credit fraud resulting from the breach, and the company believes there is low risk of data being accessed, due to the specialized nature of the stolen software. But the insurer is offering credit monitoring to all those at risk, with different levels of monitoring depending on severity of risk.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn