Blue Cross and Blue Shield (BCBS) of Massachusetts has identified and given notice to 4,855 members whose personal information was part of a data breach that occurred in late-June.
According to the insurer, an employee at a third-party vendor that they work with, LifeWorks, e-mailed a spreadsheet containing members’ personal identifying information, to their personal Gmail account, and copied another employee’s personal e-mail as well.
The employees had stated that the reason for the e-mail was to “preserve the formula used” in the spreadsheet, according to HIPAA Journal. While they claimed to attempt to delete the personal information before sending the spreadsheet, they have since deleted the spreadsheets from their computers. The two employees involved have since been let go from the company.