Patient data has been exposed in a recently announced security breach impacting over 800,000 patients, including members of Blue Cross and Blue Shield of Massachusetts (BCBSMA). This breach included full names, email addresses, physical addresses, and telephone numbers. Social Security numbers (SSNs), health insurance and medical ID numbers, dates of service, treatment and diagnostic codes, account details, medical device purchases and provider names.
National Account Service Company (NASCO) is warning that this data breach exposed the personal data of more than 804,000 BCBSMA insureds after a file transfer program used by the company was hacked in a data theft attack. NASCO claims on its website to be “a healthcare technology company dedicated to co-creating digital health solutions for Blue Cross and Blue Shield companies,” including BCBSMA. It works with numerous Blue Cross and Blue Shield plans across the U.S., including BCBSMA, providing healthcare technology solutions and in doing so has created databases with personal patient data and generating predictive analytics.
This breach was reported by NASCO and BCBSMA in late October, even though it reportedly took place in May of this year and they learned about the breach in July. You can view the Notice here.
If you are a BCBSMA member and received notification of this breach, your rights may be impacted. For more information about your options, please contact us at 1-800-745-8153.