More than 800,000 members of Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) were sent notification letters after two unencrypted laptops were stolen from the insurance provider’s Newark headquarters. The notice was sent to alert the members that their personal information may have been compromised.
The stolen laptops were unencrypted, but what comes as a relief is that they were password-protected. Sensitive information on roughly 840,000 members was stored in the laptops, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.
“Our top priority at the moment is making sure our members are protected. We are in the process of notifying our members, who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members’ whose Social Security numbers were involved” said Thomas Vincz, a Horizon BCBSNJ spokesperson.
Horizon BCBSNJ officials were informed that two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail following an initial investigation with the Newark Police Department.
Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.
The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.
Vincz said “Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers. Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information”.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.