Subscribe to the Journal

Contact Us

News

Theft costs Tenn insurer $7M 




CHATTANOOGA, Tenn. (AP) — BlueCross BlueShield of Tennessee says the theft of computer hard drives that contain personal information on hundreds of thousands of members has already cost the insurer more than $7 million.

The Chattanooga Times Free Press reports that the October theft has become one of the city's most expensive property crimes of the year.

The insurer has already contacted 220,000 affected members in Tennessee and other states, but company officials have said as many as 500,000 members could eventually be identified as facing a risk of identity theft.

More than 700 workers have been working to determine what was on the 57 hard drives and assess the back up copies of the missing records.

BlueCross Vice President Ron Harr told the newspaper that the state's largest health insurer has sufficient resources to absorb the losses. Some of the loss is insured. Harr said the cost of dealing with the theft will not directly lead to any increase in rates but ``in the end, ultimately all of our money must come from our customers.''

The computer files taken from a closet in leased office space contained audio copies of telephone calls and records of video screen images.

BlueCross declined the newspaper's request for details about the break-in or who had access to the protected area of the leased offices.

Police spokeswoman Jerry Weary said investigators have not made any arrests.

Ed Galloway, supervisory senior resident agent for the FBI, said the organization has been briefed about the missing computer files. He declined comment.

So far, there have been no verified instances of any improper access or use of individual identities or health records from the stolen computer hard drives. BlueCross spokesman Roy Vaughn said 8,728 members have called and about 20,500 members have accepted the company's offer for free credit monitoring services from Equifax, Kroll or Lifelock.

To comply with the Health Information Technology for Economic and Clinical Health Act adopted last year, BlueCross must notify attorneys general in more than 30 states where at least 500 members may be affected by the security breach.