Independence Blue Cross, the Philadelphia based health insurer firm, has notified none less than1% of its members about the data exposure. The company has stated that data of 16,762 patients were exposed on an online platform for many months as an employee uploaded a member’s file online. Along with the names, diagnosis codes, dates of birth, and provider details, the purposes for the claim processing were disclosed on the web portal. However, the officials from the company have confirmed neither the information of the credit card nor any financial data were shared in the breach. In case of any misuse of data, cybercriminals will only be able to accomplish a medical fraud.
On July 19, 2018, Independence Blue Cross was notified of the vulnerability of patient’s information. After the execution of a thorough investigation with the assistance from a forensic firm, it was concluded that an employee of the firm had uploaded the personal file of a member to a public-facing web page, which resulted in the data breach.
The data was available on the public platform from 23rd April to 20th July as the officials failed to identify the point of generation. Once the reason behind the susceptibility was discovered, the file was immediately removed from the web portal while a strict action was taken against the employee. However, the company didn’t reveal whether or not the employee did it intentionally or accidentally.
This breach has brought forward a warning to the other organizations. It has sent a clear message to strongly monitor the networks and control the actions inside the organization. This will not only prevent such actions but will also detect the improper uploading of sensitive information on the internet.
If the firms succeed in safeguarding the information of the customers associated with the firm, the reputation of the company will boost with time.