Posted On March 31, 2023 Consumer Privacy & Data Breaches
March 31, 2023 – Blue Shield of California discovered that one of its vendors, Fortra, was the subject of a cyberattack on March 27, 2023, and as a result, filed a data breach notice with the Maine Attorney General. The incident led to unauthorized access to customers’ names, genders, dates of birth, addresses, email addresses, phone numbers, Blue Shield subscriber ID numbers, and other protected health information, according to the company’s official filing. After confirming that customer data had been compromised, Blue Shield notified the 63,341 people whose information was leaked.
The data breach at Blue Shield of California is being actively looked into by the data breach lawyers of Console & Associates, P.C. We are providing free consultations where we can go through your legal options for obtaining compensation from Blue Shield of California if you have received a breach notification and are curious to learn about the dangers of identity theft and what you can do to protect yourself.
California Physicians’ Service DBA Blue Shield of California, an insurer that offers individual, employer-sponsored, Medicare, and “Covered California” plans, has its main office in Oakland, California. The company is a member of the Blue Shield Association. Blue Shield of California, which was founded in 1939, presently employs about 7,250 people and brings in about $17 billion annually.
According to the company’s report to the Maine Attorney General, Blue Shield was informed by a provider, Brightline Medical Associates, on February 5, 2023, that one of its subcontractors, Fortra, LLC, had been involved in a cyberattack between January 28, 2023, and January 31, 2023. Fortra concluded that GoAnywhere Managed File Transfer-as-a-Service was breached by an unauthorized party. Additionally, it was discovered that the unauthorized party had accessed files with confidential patient information.
Blue Shield of California started looking into the affected files after learning that private patient information had been made available to an unauthorized party. This was done to ascertain what information had been leaked and whose clients were impacted. Your name, gender, date of birth, address, email address, phone number, Blue Shield subscriber ID number, and other protected health information may have been compromised, although the specifics may vary by individual.
On March 27, 2023, Blue Shield of California sent data breach notification letters to all those whose confidential information was exposed in the data leak. According to the Maine Attorney General, the Blue Shield/Fortra data hack affected 63,341 people.
Hackers can carry out a wide range of crimes with the data that was exposed in the Blue Shield of California data breach. They are free to commit any number of crimes themselves or to sell the knowledge to those on the dark web who want to commit those crimes.
The types of harm that can be caused using the data gathered during the malware attack are virtually limitless. Hackers may use your information to make unauthorized charges to your accounts and credit cards, among other things. They could even use your name to apply for new credit cards and loans. Names, Social Security numbers, and dates of birth are all fundamental and simple pieces of information required to apply solely for a credit card.
Hackers can use your information to perpetrate other types of identity theft besides financial crime. They may steal medical identities as well. They can obtain medical care in your name and leave you with medical debt if they have access to all of your protected health information. Moreover, inaccurate information about your medical history or medications may result in your medical records.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Blue Shield of California data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
Dear [Redacted],
I am the Chief Privacy Official for Blue Shield of California (Blue Shield). Blue Shield provides benefit administration services for your health benefit plan sponsored by [Extra2]. It is my job to help protect the privacy of our members’ protected health information and to investigate any incident where a member’s protected health information may have been improperly accessed, used, or disclosed. I am writing to notify you about a privacy incident that may have impacted your protected health information.
WHAT HAPPENED
On February 5, 2023, Blue Shield was informed by its provider, Brightline Medical Associates (Brightline), that its subcontractor, Fortra, LLC (Fortra), suffered a cyber security incident between the dates of January 28, 2023, and January 31, 2023. The forensic investigation being conducted by Fortra revealed that an unauthorized individual gained access to Fortra’s GoAnywhere Managed File Transfer-as-a-service (MFTaaS) application and was able to download files that Brightline maintained on that system. Based on information provided to us by Fortra, the unauthorized individual potentially accessed and/or exfiltrated your personal information.
WHAT INFORMATION WAS INVOLVED
The information involved may have included your name, address, date of birth, gender, Blue Shield subscriber ID number, phone number, e-mail address, Plan name, and Plan group number.
There was no access to other types of protected health information, such as your Social Security number, driver’s license number, or banking or credit card information.
WHAT WE ARE DOING
Fortra immediately deactivated the unauthorized user’s credentials, disabled the vulnerable application, and rebuilt the application and gateway. Additionally, Fortra removed all data we shared with Brightline from the GoAnywhere MFTaaS and notified law enforcement. Blue Shield does not own or operate the impacted systems and we are relying on Fortra for reports of forensic advice.
Blue Shield takes this incident very seriously. We are committed to maintaining your privacy. Upon learning of the incident, Blue Shield immediately began an investigation into the matter.
We promptly locked communications between Blue Shield and our provider, Brightline.
WHAT YOU CAN DO
Please review the enclosed Information about Identity Theft Protection for additional information on how to protect yourself against identity theft and fraud. You may also take advantage of the complimentary identity protection services being offered to you. Blue Shield is offering you complimentary access to Experian IdentityWorksSM for one year.
If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent. If, after discussing your situation with the agent, it is determined that identity restoration support is needed, an Experian Identity Restoration agent will be available to work with you to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).
Please note that Identity Restoration is available to you for one year from the date of this letter and does not require any action on your part at this time. The Terms and Conditions for this offer are located at [Redacted].
While identity restoration assistance is immediately available to you, we also encourage you to activate the fraud detection tools available through Experian IdentityWorks as a complimentary one-year membership. This product provides you with superior identity detection and resolution of identity theft.
