Illinois data breach: Dept. of Insurance posts personal information on public website
Marcia Lense reports:
The Illinois Department of Insurance announced an inadvertent data release, that exposed critical personal information. According to a news release, the department received a complaint that Social Security numbers from a health care provider could be seen.
The department says it had sent filings from Blue Cross Blue Shield to the System for Electronic Rate and Form Filing (SERFF) database, which posted the information on its publicly available website.
Read more on KWQC.
A statement linked from the agency’s home page reads:
On November 9, 2015, the Department of Insurance (DOI), through a constituent complaint learned of an inadvertent data disclosure involving health care providers’ Social Security Numbers (SSNs). DOI provided unredacted filings from Blue Cross Blue Shield to the System for Electronic Rate and Form Filing (SERFF) database which posted the information on its publically available website.
Upon learning of the disclosure, DOI took immediate action to remove personal information from the publicly available website. The Department also reviewed all other filings similar in nature to the BCBS filings and determined no other personal information was disclosed.
The security of personal information of Illinois health providers is a priority and notification of this disclosure is being furnished to all persons involved. The Department is taking steps to prevent future disclosures, including a review of DOI’s procedure for posting information to publically accessible data bases.