After 57 hard drives were stolen from it in 2009, potentially exposing the personal data of more than a million members, BlueCross BlueShield (BCBS) of Tennessee announced today that it has completed a $6 million project that encrypts all at-rest data throughout its enterprise.
The company said it spent more than 5,000 man-hours on the encryption effort, which encompassed about 885TB of at-rest data.
BCBS said it is now encrypting all data on 1,000 Windows, AIX, SQL, VMware and Xen server hard drives; 6,000 workstation hard drives and removable media drives; 136,000 tape backup volumes; and 25,000 voice call recordings per day.
The company said it inventoried all the places data resides, including computer hard drives, servers and removable media devices, such as USB drives and CD/DVD burners.
BCBS completed the encryption project in just over a year.
"We searched the country and were unable to find another company that has achieved this level of data encryption," Michael Lawley, vice president of technology shared services for BCBS, said in a statement.
In addition to the encryption, BCBS adopted even stricter policies and procedures. "Our members can rest easier knowing we implemented this process to better protect their privacy," Lawley added.
BlueCross' 57 hard drives were stolen from a leased facility in Chattanooga. The hard drives contained audio and video recordings related to customer service telephone calls from providers and members, and included varying degrees of personal information on about a million members. So far, there is no indication of any misuse of personal data from the stolen hard drives, the company said.
In the wake of the theft, BCBS sent out alerts to just over one million current and former members. BlueCross also offered some of those affected by the theft free Equifax credit monitoring service.
"The lessons we learned from the theft led us to go above and beyond current industry standards, and our team has worked tirelessly to put new safeguards in place and encrypt all our at-rest data," said Nick Coussoule, senior vice president and chief information officer for BlueCross.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas's RSS feed . His e-mail address is firstname.lastname@example.org.