Mailing Problem Leads to Breach

System Placed Wrong Addresses on Insurance Mail
Mailing Problem Leads to Breach
A recent healthcare information breach involving Blue Cross and Blue Shield of Florida offers a reminder that even routine tasks, like addressing mail, can trigger a security incident.

In late January, the insurer discovered that a system error had caused it to inadvertently mail some member health information to incorrect addresses. The company recently converted to a new source of customer mailing address information, and the new system tracks both prior and current member addresses, according to a company statement. During the system conversion, 7,400 old customer mailing addresses were mistakenly identified as current addresses and used for a three-month period.

The mismailings included explanation of benefits forms. But they did not include Social Security numbers, dates of birth or financial information, the insurer said.

The Blues plan has notified affected members as required under the HITECH Act breach notification rule. The insurer said it fixed the mailing system problem the same day that it was discovered and has "evaluated its systems and made the appropriate changes to prevent this error from reoccurring.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network