news-record.com

Blue Cross and Blue Shield of North Carolina has begun to warn about 30,000 health care providers their personal information may have been compromised because of a computer theft.

In a letter now circulating, Blue Cross said an employee at Blue Cross and Blue Shield Association, a business partner in Chicago, violated policy by transferring encrypted data provided by 800,000 health care professionals nationwide to a personal laptop.

The employee, who took the computer home, reported it stolen Aug. 25.

The letter from the Durham-based health insurer, to hospitals, doctors, pharmacists, dentists and physical therapists, stressed no protected patient information was lost.

But the computer did contain the health care providers’ names, addresses, tax identification numbers and national provider identification numbers, which would provide access to a variety of demographic information.

For 200,000 of the health professionals in the database, — 20,000 in North Carolina — the tax ID number matches the provider’s Social Security number. The security breach left some health care professionals worried about the possibility of identity theft.

“This is the most distressing, appalling information I have probably ever had,” said Cathy Poole, a medical practice administrator in High Point. “It is more than disappointing.”

Added Bob Seligson, executive vice president and CEO of the North Carolina Medical Society in Raleigh: “It’s pretty serious anytime anybody loses data. It is scary to anybody.”

But Blue Cross and Blue Shield officials said they have no indication anyone’s identity has been stolen, and they downplayed the severity of the problem.

“The information is pretty tame,” said Jeff Smokler, a spokesman for the association. “We have no reason to believe anyone was targeting that data.”

He called the theft of the laptop from the employee’s car an act of vandalism.

“I feel they are posturing,” Poole responded. “They are doing damage control.”

The letter going to North Carolina health care professionals does take an apologetic tone. “I want to assure you that (Blue Cross) takes its responsibility to protect your information very seriously, and sincerely regrets this loss of data,” Milo M. Brunick, vice president for network management, said in the letter. “We know that you entrust us to protect your information, and we are committed to preventing this type of situation from occurring again.”

The letter did not say what action, if any, Blue Cross had taken to correct the problem or what disciplinary action the association employee might have faced.

To lessen the potential for identify theft, the association is offering health care providers free credit monitoring for one year.
Blue Cross said it learned about the computer theft Sept. 3.

The Blue Cross and Blue Shield Association is a national network of 39 Blue Cross and Blue Shield companies. Affiliates across the country feed information to the network database where patients use it to locate health care providers.

Wilma Bailess, executive director of the Greater Greensboro Society of Medicine, said she had received no complaints from local members, but added she only learned about the problem Friday.

“This is the first time I have heard of anything happening like this,” Bailess said.

Contact Donald W. Patterson at 373-7027 or don.patterson@news-record.com