Insurer Reports Possible Breach

Highmark tells of snail-mail problem An envelope damaged in the mail represents yet another security risk, one major insurer based in Pittsburgh has learned first-hand.

Highmark, the parent company of several Blue Cross/Blue Shield plans, notified some 3,700 members February 3 that documents containing their names and insurance identification numbers were missing.

In January, the company sent a large billing statement via the U.S. Postal Service to one of its customers, Boscov's Department Store in Reading, Pa. The envelope arrived damaged and torn, and there were pages missing, the company acknowledged.

"The pages were lost and have not yet been recovered," according to a company statement. "The U.S. Postal Inspector has been alerted, and the facts indicate that this incident occurred during the mail process. There is no reason to believe that this information was stolen."

In notifying members of the incident, the insurer offered them free credit monitoring for a year.

"In light of this situation, we are examining our mail processes to determine whether we can change anything to help prevent this type of incident from occurring again," according to the company's statement.

The company also said that by notifying those who might have been affected, it was complying with the breach notification requirements of the HITECH Act.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.