CHATTANOOGA – BlueCross BlueShield of Tennessee (BCBST) is notifying approximately 2,000 current and former members about a pair of data security incidents that may have affected their member portal accounts. The remainder of BCBST’s more than 3.4 million members were not impacted by these incidents.
The potentially impacted group includes those with BCBST coverage through an employer or who purchased a BCBST plan independently, as well as participants in BlueCare Tennessee, Medicare Advantage, and BlueCare Plus plans.
BCBST is providing notice of this incident to possibly impacted members by letter and offering resources to help them protect their personal information. BCBST has arranged to offer identity monitoring services at no cost to affected individuals who receive a letter about this issue.
The company encourages affected individuals to remain vigilant against incidents of identity theft and fraud and to review their account statements. U.S. residents are entitled to a free credit report annually, which can be obtained by visiting www.annualcreditreport.com or by calling (877) 322-8228. Affected individuals are encouraged to monitor their free credit reports for suspicious activity and to report any errors.
On about December 19, 2023, BCBST’s security monitoring tools identified suspicious log-in attempts to its online member portal that came from outside the company with username and password combinations from an unknown source. The company has no evidence that these username/password combinations were obtained from BCBST systems. To prevent further unauthorized activity, BCBST’s security team took immediate action to temporarily disable its online member portal, enhance password security, and engage outside experts. During its investigation of the December event, BCBST learned between January 18-24, 2024 that a similar incident occurred on August 17, 2023.
The affected personal information varies by individual. It could include name, date of birth, address, subscriber ID, provider name, group number and name, plan information, medical information, claims information, user ID and password. BCBST believes that for less than 1% of potentially impacted members, it could include financial information if linked to their account. For members whose coverage ended more than two years ago at the time of the incident, the affected information included only their user ID and password.
Those impacted should review benefits documents they receive from BCBST or BlueCare to confirm that they received the health care services described and reach out to the company if they find any unusual activity on their account.
As an extra layer of safety, BCBST is asking members to change their online account passwords when they sign in. The company is also implementing new log-in requirements. As with any account with a password, BCBST recommends users create a new password that isn’t used for other accounts.
Individuals who may have questions or who would like additional information about this issue may call BCBST at 1-888-455-3824 between 8:30 a.m. and 4:30 p.m. ET, Monday through Friday or email Privacy_Office@BCBST.com.
About BlueCross®
BlueCross BlueShield of Tennessee is a taxpaying, not-for-profit health plan serving more than 3.4 million members in Tennessee and around the country. The Chattanooga-based company was founded in 1945 and has brought peace of mind to its members and local communities for more than 75 years. BlueCross BlueShield of Tennessee Inc. is an independent licensee of the BlueCross BlueShield Association. For more information, visit the company’s news center at bcbstnews.com or visit the company’s website at bcbst.com.