Following a data breach, especially one involving multiple companies, victims often wonder which companies can be held accountable for the leaking of their information. ![]() Based on the available information, it would appear that the unauthorized access did not involve the Blue Shield IT system but the system of OneTouchPoint. Which Companies Can Be Held Responsible for a Data Breach?īlue Shield noted in its letter to affected patients that the breach stemmed from a ransomware attack at a vendor of one of Blue Shield’s vendors. Blue Shield of California employs more than 7,500 people and generates approximately $21 billion in annual revenue. Blue Shield of California provides benefits to more than 4.7 members. Founded in 1939 in San Francisco, CA, Blue Shield of California provides health, dental, vision, Medicaid and Medicare healthcare service plans in California. On July 11, 2022, Blue Shield sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.īlue Shield of California Promise Health Plan is a non-profit health plan offered to California residents, operated by Blue Shield of California. While the breached information varies depending on the individual, it may include your name, subscriber ID number, diagnoses, medications, address, date of birth, sex, advance directives, family history, social history, allergies, vitals, immunizations, encounter data, assessment ID number, and assessment date. Upon discovering that sensitive consumer data was accessible to an unauthorized party, Blue Shield then reviewed the compromised files to determine what information was compromised and which plan members were affected. The investigation revealed that the unauthorized party had access to plan members’ protected health information. Upon learning of the ransomware attack, OneTouchPoint terminated unauthorized access and began an investigation into the incident. On April 28, 2022, OneTouchPoint informed Matrix of the incident, and, in turn, Matrix informed Blue Shield of the incident. ![]() The Matrix attack was related to an incident at one of the company’s vendors, OneTouchPoint. The breach first started at a vendor of a subcontractor used by Blue Shield.Īccording to an official notice filed by the company, on May 20, 2022, Blue Shield of California Promise Health Plan learned that one of the plan’s vendors, Matrix Medical Network, was the victim of a ransomware attack. The facts leading up to the Blue Shield breach are complex in that they involve two related companies. More Information on the Blue Shield Data Breach To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Blue Shield data breach, please see our recent piece on the topic here. ![]() If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. On July 11, 2022, Blue Shield filed official notice of the breach and sent out data breach letters to all affected parties. According to Blue Shield, the breach resulted in the following data types being leaked: names, subscriber ID numbers, diagnoses, medications, addresses, dates of birth, sex, advance directives, family history, social history, allergies, vitals, immunizations, encounter data, assessment ID numbers, and assessment dates. Recently, Blue Shield of California Promise Health Plan confirmed that the company experienced a data breach related to a sub-contractor that works with one of Blue Shield’s third-party vendors.
0 Comments
Leave a Reply. |