Blue Shield of California Employee Causes Massive Ripples
Table of Contents
- By Steven
- Dec 26, 2022
People familiar with cybersecurity are aware of the rise in hospital hacks and breaches over the last few years. Those that try to make themselves aware of many data incidents will be astonished by the sheer number of hospitals and schools on those lists. Hospitals will likely never stop being the primary target for hackers, but many people will be surprised to learn that this hack had nothing to do with a hacker.
How Did the Attack Occur?
The so-called “attack” resulted from an employee sending a file filled with sensitive PII to a personal email. There were two incidents; one was on July 17th, 2022, which was the first time the employee emailed themself the file, and again on October 30th, 2022. It wasn’t until the October occurrence that the hospital noticed the breach, but it quickly took steps to protect the accessed information and its patients.
What Information Was Viewed or Stolen?
Like many hacks, breaches, and leaks before it, this breach’s stolen information varied depending on the victim. The information may have included social security numbers or taxpayer-identification numbers, names, phone numbers, addresses, and emails. “Blue Shield is committed to safeguarding your personal information and takes this incident very seriously,” says the notification letter sent to the California Attorney General. “Blue Shield is strengthening its system detection tools designed to prevent and identify the unauthorized disclosure of sensitive information.”
How Did Blue Shield Admit to the Breach?
Blue Shield of California admitted to the breach with a filing with the California Attorney General’s Office. “Immediately upon discovering this incident, Blue Shield took action to disable the employee’s access to the Blue Shield network,” said the notice. “Blue Shield also interviewed the employee and directed the employee to permanently delete the confidential information from his personal email account. The Blue Shield Privacy Office determined the incident to be a privacy breach, and, while Blue Shield is not aware of any misuse of your information, out of an abundance of caution, we are notifying you of this incident.”
What Will Become of the Stolen Information?
There are always endless possibilities with breaches, whether they’re like this one or not. However, we cannot in good conscience tell you not to worry; we don’t know what the employee did with the information they accessed or if they deleted it as their former employers told them to. We can hope, however, that this person doesn’t know how to access the dark web, as this lack of knowledge could stop the victims’ information from being released.
What Should Affected Parties Do in the Aftermath of the Breach?
Luckily for victims, there are steps to be taken. Blue Shield is offering free credit monitoring to the impacted individuals. There are also steps they can take independently, like downloading monitoring software on any device that contains personal information, especially computers. We recommend monitoring your emails and phone calls to ensure you aren’t getting scammed or phished there.