Blue Shield discloses 18,000 doctors' Social Security numbers
A mistake left thousands of Social Security numbers in publicly available files
IDG News Service - The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday.
The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the data and were available under the state's public records law.
"Because they did not recognize their error, Blue Shield did not mark the rosters as confidential or otherwise alert the DMHC to the inclusion of the SSNs," the Department of Managed Health Care said in a letter to affected individuals.
The rosters included the Social Security numbers of providers along with their names, business addresses, business telephone numbers, medical groups and practice areas, and were released 10 times as a result of public records requests. Combined with other information, SSNs can be used in identity theft.
The requesters were other insurance companies, their attorneys and two members of the media, said Marta Green, a spokeswoman for DMHC. The department is contacting the requesters to ask that they destroy the CDs that contain the SSNs in return for new CDs with the SSNs deleted.
Typically, such requesters are using the data to evaluate their competitors, she said. As such, there is a low possibility that the data would be used for unscrupulous reasons.
Blue Shield said on Monday that it learned of the mistake after being notified by the Department of Managed Health Care. It has worked with the agency to notify the affected providers and to offer them free credit monitoring for one year, said Sean Barry, a spokesman for the organization.
"We have taken several steps to prevent this mistake from happening again," Barry said.
DMHC said it has instigated new software routines that will attempt to detect when providers make such errors in the future.
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts