The Department of Managed Health Care of California has just admitted that, this past May, several Blue Shield of California Spreadsheets containing physician Social Security numbers were released — not once, but 10 times.
Each month, health plans in California are required to submit a roster of their contracted medical providers. The rosters should include names, addresses, phone numbers and more, and are made public upon request.
This past May, a DMHC analyst realized that the spreadsheet rosters that had been submitted by Blue Shield for the previous three months had mistakenly included Social Security numbers for a total of 18,000 medical providers. These spreadsheets were then requested a total of 10 times by various entities, including media outlets and health plans.
According to the DMHC, there is no evidence that the personal information that has been mistakenly released has been misused. However, Blue Shield of California is offering a free year of credit monitoring to affected providers, in order to catch any potential instances of identity theft more quickly. California’s attorney general, as well as the physicians affected by the breach, have been notified. DMHC is asking that the 10 entities that requested the rosters return the information and destroy any copies that had been made of it.
As a result of the data breach, DMHC has put into use a data loss prevention system that will go through all roster reports by Blue Shield, as well as any other health plan submitted by the state, in order to ensure that confidential information hasn’t been included. “This new process includes multiple levels of data review and validation before filing documents with the DMHC,” said Blue Shield of California in a released statement.