[ISN] Medical firm's files with personal data stolen

From: InfoSec News (isn@private)
Date: Thu Jul 14 2005 - 22:29:16 PDT


http://www.azcentral.com/arizonarepublic/business/articles/0713biodyne13.html

Matt Hanson
The Arizona Republic
July 13, 2005

The personal information of 57,000 Blue Cross Blue Shield of Arizona
customers was stolen from a Phoenix-based managed care company.

Arizona Biodyne, an affiliate of Magellan Health Services that manages
behavioral health for Blue Cross of Arizona, began last Friday
notifying customers and providers whose information was lost in the
latest theft in which financial, personal or medical records were
taken.

The stolen information included policyholders' addresses, phone
numbers, Social Security numbers and dates of birth. They also
contained partial treatment histories for some patients and certain
information about the doctors who provided that care, Biodyne
spokeswoman Erin Somers said.

Most of the people at risk from the Biodyne theft live in Arizona. It
is unclear whether the thieves knew what they had when they stole a
safe.

Biodyne reported to police on June 29 that a safe containing computer
backup tapes was stolen from its office at 8900 N. 22nd Ave., Suite
206.

"There was quite a bit of data on those computer backup tapes," said
Somers, when explaining why it took more than a week to start
notifying customers. "We wanted to take a hard look and a detailed
look at the information that was backed up on the tapes."

Blue Cross is working with Biodyne to notify people whose information
might have been in the safe, Blue Cross spokeswoman Regena Frieden
said.

"If people's information had been included on the tapes, then they
would have received or will receive a letter from Arizona Biodyne,"  
Frieden said.

Biodyne also set up a toll-free number and an e-mail account to answer
the questions of people whose information was stolen.

The company declined to make the number and address public, fearing
that people who are not at risk would flood them with requests and
slow response time to those whose information was stolen.

Joy, who received the notification letter and asked that her full name
not be used, said it instructs her to contact a long list of companies
and government organizations to make sure her information has not been
misused.

"I'm going to call the (Arizona) Department of Motor Vehicles, my bank
and all my financial institutions and all the credit agencies," said
Joy, who works at a medical office in Mesa.

She added that she has been watching her credit-card statements
closely since the financial data breach reported by Atlanta-based
CardSystems Solutions Inc. last month.

Biodyne and Blue Cross said it is not clear whether the people who
took the safe did so with the intent to use people's personal
information.

"Nobody knows whether this information has been accessed, can be
accessed or that the thieves even knew what was in the safe," Frieden
said.

This is the first time a company working with Blue Cross has had such
a problem, she added.

But several other companies have reported personal information stolen
in recent months, during a time when concern for identity theft is on
the rise.

Even large, high-profile corporations have been hit by major data
breaches during recent years. Citigroup Inc., Bank of America Corp.  
and DSW Shoe Warehouse are among the national companies that have
fallen victim.

The last leak in Arizona happened just last month at the Tucson office
of CardSystems. The company, which processes credit-card transactions,
told the FBI on May 23 and then made public on June 17 what was
perhaps the largest data breach in history.

A computer hacker stole the card numbers and three-digit security
codes of 40 million cardholders.

Two years earlier, thieves stole computer hard drives from the Phoenix
office of TriWest Healthcare Alliance. These computers contained
medical records and Social Security numbers for more than 500,000
military personnel.

The best that Biodyne can do for now is to educate those who are at
risk, Somers said.

"We want people to be aware of that fact and know what to do if they
are concerned," Somers said.

-=-

12 News contributed to this article.




_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com 



This archive was generated by hypermail 2.1.3 : Thu Jul 14 2005 - 22:44:05 PDT