Highmark changes it procedures in wake of BCBS breach
Another lesson learned the hard way?
In the aftermath of the theft of a Blue Cross Blue Shield laptop, Highmark, Inc. notified 50,000 doctors that their Social Security numbers or tax ID numbers were on the stolen laptop containing their unencrypted data. A BCBS employee had reportedly breached policy by downloading the unencrypted database to a personal computer that was later stolen from the employee’s vehicle.
Now, according to Jason Cato of the Pittsburgh Tribune-Review, Highmark’s chief privacy officer says that:
Highmark will no longer include doctors’ Social Security numbers in data shared with Blue Cross-Blue Shield Association.
If they can implement that quickly going forward, one wonders why it wasn’t implemented previously. It’s not like laptop thefts, employees not following policy, and the value of SSN haven’t been recognized before. While I’m glad to see Highmark take this action, I can’t help but wonder about all of the entities who still continue to use SSN when not absolutely required to by law.