State agency announces privacy breach, revealing Social Security Numbers of health care providers
The Illinois Department of Insurance has announced that it has mistakenly allowed the Social Security Numbers of health care providers to be publicly posted. The number of health care providers affected by this privacy breach has not yet been disclosed, but the event may have some impact on the insurance industry. State officials recently learned of the privacy breach after receiving complaints. It is unclear how long the Social Security Numbers of health care professionals were visible to the public.
Privacy breach is associated with filings from insurers, but is not the result of a cyber attack
The privacy breach is associated with filings coming from Blue Cross Blue Shield, which the state provides information on via a website managed by the National Association of Insurance Commissioners. The insurer was not responsible for the privacy breach, of course, and no malicious activity is suspected as being at play. The National Association of Insurance Commissioners has noted that it is unaware of any other disclosures of sensitive information. Once made aware of the situation, Illinois officials moved to ensure that all sensitive data was removed from public viewing.
Insurance industry has been hit by several cyber attacks in the past few months
While this is not being considered a malicious privacy breach, the insurance industry has suffered from similar instances that were malicious in recent months. Notably, Anthem was among insurers that fell victim to major cyber attacks, which saw the sensitive data of millions of people compromised. Other insurers have been affected by cyber attacks as well, highlighting the need for better security measures and the growing threats that exist in the digital space.
Sensitive data may not have been used for malicious purposes
The Illinois Department of Insurance has worked to inform health care providers that their information may have been compromised due to the privacy breach. There is not yet any indication that any information obtained through the privacy breach is being used for malicious purposes. If this does become the case, the insurance industry may be able to help handle the fallout associated with any exploitation.