That's an increase from a mid-March figure of 521,761 members, as the plan has substantially completed forensic work to identify members at high or medium risk and now is focusing on identifying those at low risk--447,549 so far. Notification letters for these Tier 1, or low-risk members, started going out April 5.
The Blues plan has enrolled all 998,422 known affected members in an ID theft protection program. As of April 2, 238,589 Tier 3, or high-risk members, have been identified. These members' at-risk information includes name, address, date of birth and Social Security number. They have received free credit monitoring services for a year and minors have received special free identity monitoring services.
Another 312,284 Tier 2, or medium-risk members, whose information included name, address and/or date of birth, and diagnostic information, have been notified and receive the ID theft prevention services. Tier 1 members, whose information includes name, address and/or date of birth, also receive these services.
As of mid-March, the data breach had cost BlueCross and BlueShield of Tennessee $7 million. The plan's employees and vendors had spent more than 114,000 man-hours reviewing back up data and notifying affected members, primarily Tier 2 and 3 members to that point.
The plan has issued regular updates to the media since the theft occurred. With work almost finished, it will release a final report when the process is complete.
The May Cover Story of Health Data Management's print edition provides more details on BlueCross and Blue Shield of Tennessee's efforts to resolve the data breach and lessons learned.
This article was reprinted with permission from