August 24, 2023

Health Care Service Corporation Files Notice of Data Breach Affecting 192,231 Individuals

+ Follow Contact

Send

Embed

On August 21, 2023, Health Care Service Corporation (“HCSC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that confidential information that had been entrusted to HCSC was subject to unauthorized access. In this notice, HCSC explains that the incident resulted in an unauthorized party being able to access information belonging to over 192,000 patients. Upon completing its investigation, HCSC began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Health Care Service Corporation, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Health Care Service Corporation data breach. For more information, please see our recent piece on the topic here.

What Caused the Health Care Service Corporation Breach?

The Health Care Service Corporation data breach was only recently announced, and more information is expected in the near future. Unfortunately, HCSC’s filing with the U.S. Department of Health and Human Services Office for Civil Rights only provides limited information on what led up to the breach. According to this source, HCSC experienced a hacking/IT incident involving a network server.

After conducting an investigation, Health Care Service Corporation confirmed that certain information that had been provided to HCSC was subject to unauthorized access. However, based on the limited information available, it is unclear whether the breach occurred within HCSC’s own IT network or within an IT network of one of the company’s vendors.

Regardless, after learning that sensitive consumer data was accessible to an unauthorized party, Health Care Service Corporation reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the HCSC notice does not list the affected data types, as a general rule, only breaches that involve consumers’ protected health information must be reported to the U.S. Department of Health and Human Services Office for Civil Rights.

On August 21, 2023, Health Care Service Corporation sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Health Care Service Corporation

Founded in 1936, Health Care Service Corporation is an independent licensee of the Blue Cross and Blue Shield Association based out of Chicago, Illinois. HCSC offers plans to residents of Illinois, Montana, New Mexico, Oklahoma, and Texas, serving more than 17 members in total. HCSC operates over 60 locations. Health Care Service Corporation employs more than 26,000 people and generates approximately $46 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.