
Subscribe to
Computerworld
or
Other Privacy Stories
|
February 07, 2006 (Computerworld) -- A "human error" at Blue Cross and Blue Shield of North Carolina allowed the Social Security numbers of more than 600 members to be printed on the mailing labels of envelopes sent to them with information about a new insurance plan.
The mistake affected patients who had applied for a new health savings account insurance plan, said Gayle Tuttle, a spokeswoman for the Chapel Hill, N.C.-based insurer. "The mailing label on a welcome letter that we sent out to 629 people enrolled in one of our individual insurance plans contained an 11-digit tracking number, nine of which were the members' Social Security numbers," Tuttle said. "The release of this information is the result of a regrettable human error."
As part of a broader bid to enhance privacy, Blue Cross has been using a new subscriber number instead of Social Security numbers to identify patients, Tuttle said. Even so, there is still a "linking" that goes on internally between the subscriber IDs and Social Security numbers that may have contributed to the error, she said.
The problem was discovered on Jan. 30, and letters were sent to the affected individuals on Feb. 1 informing them of the breach and instructing them to check for fraudulent activity with the major credit reporting bureaus. "We are taking this very seriously," Tuttle said. "But this affects only a very tiny percentage of our members."
Following the incident, Blue Cross is looking at its internal processes and procedures to see how such mistakes can be avoided in future, Tuttle said.
The incident at Blue Cross is similar to one involving The Boston Globe last week and another case involving tax preparer H&R Block Inc. in Kansas City, Mo.
In the Globe incident (see " Newspapers' Exposure of Data Points Out Hidden Risks"), confidential information belonging to more than 200,000 subscribers was inadvertently exposed when the Worcester Telegram & Gazette, a sister publication in Worcester, Mass., reused paper containing their names, credit card numbers and bank account information to print routing labels that were attached to bundles of newspapers.
In the H&R Block case, the company accidentally embedded Social Security numbers in a 47-digit tracking number on packages used to mail free copies of the company's TaxCut tax preparation software in mid-December. The problem was reported to the company by an affected individual shortly thereafter, and letters were sent to all affected persons on Dec. 22, said H&R Block spokeswoman Denise Sposato.
The problem was the result of an "inadvertent human error" and affected only a small percentage of former H&R Block clients, she said.
"The Social Security numbers were embedded within this 47-digit string. They were not broken out in any way shape or form," making it extremely difficult for anyone to even notice the error, Sposato said. In fact, less than 10 of the affected individuals detected the problem on their own, she said.
"We've been around for over 50 years, so if anybody knows about the sensitivity and confidentiality of financial data, it is H&R Block," Sposato said. "This was totally contrary to H&R Block's policies and procedures."
Since the incident, H&R Block has completed an investigation into what happened and has fixed the problem. She did not offer further details.
"Data Security Breaches" RSS feed
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|

In SecurityThere's plenty of talk about how to behave during a Customs search of your computer and gear, but Jon Espenschied's got tips for securing your data (and privacy) before you reach the border. Click here to read the latest column by Jon Espenschied |
Computerworld Technology Briefing: An open-source path to optimal virtualization Looking for a virtualization strategy that offers both the flexibility and reliability to meet the demands of mixed-source environments? Look no further than the fast-emerging open virtualization approach backed by some of the biggest names in enterprise computing. Together they are pointing the way toward higher data center performance without higher costs.Download this briefing
|
![]() |
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the
network security landscape has changed dramatically. Today's IT professionals still have the
primary responsibility of protecting the confidentiality of corporate information, preventing
unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.Download this white paper
|
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.Download this white paper |
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.View this demo
|
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |
