The breach involves "tens of thousands" of physicians nationwide, according to BCBS officials, including around 39,000 in Massachusetts. Thirty-nine BCBS affiliates send information about providers to a database at the association’s headquarters, according to the report.
Physicians in Massachusetts were only recently notified via letter, as it took some time to determine what information was on the laptop. According to the report, information about patients or personal health records was not on the computer.
Officials from BCBS said that the insurance company encrypts all of its information, but the breach occurred when an employee authorized to have the information violated company rules by downloading an unencrypted version to a personal laptop, according to the report.
Nearly 90 percent of physicians nationwide are in the BCBS network, but the breach could be more damaging to physicians in states such as Massachusetts where physicians use their Social Security numbers as their tax identification numbers instead of separate, state-provided tax IDs.
According to the report, corrective action has been taken by BCBS, and the company is reviewing its security procedures and adding more encryption coding to information.
Read the Globe’s report about the BCBS data breach.
