|July 28, 2011|
BlueCross Completes Industry First Enterprise-Wide Data Encryption
CHATTANOOGA, Tenn. — BlueCross BlueShield of Tennessee has successfully completed a $6 million effort to encrypt all at-rest data throughout its enterprise, giving members peace of mind that their personal information is secure.
In October 2009, 57 hard drives were stolen from a BlueCross facility. The hard drives contained audio and video recordings related to customer service telephone calls from providers and members, and included varying degrees of personal information on about 1 million members. To date, there is no indication of any misuse of personal data from the stolen hard drives.
In response to the theft, BlueCross worked to comply with all regulatory requirements, including notifying all impacted members and providing free credit monitoring services to members at a higher risk of identity theft. Next, the company launched and has now completed a major initiative to encrypt more than 885 terabytes of at-rest data residing within the enterprise.
“The trust of our members is one of our most important assets, and the hard drive theft represented a serious threat to that trust,” said Nick Coussoule, senior vice president and chief information officer for BlueCross. “The lessons we learned from the theft led us to go above and beyond current industry standards, and our team has worked tirelessly to put new safeguards in place and encrypt all our at-rest data.”
BlueCross invested more than $6 million and 5,000 man-hours in the data encryption effort, which included:
- 885 Terabytes of mass data storage
The company began by completing an exhaustive inventory of all the points where data resides within the company, from computer hard drives to servers and removable media devices, such as USB drives and CD/DVD burners. BlueCross divided the encryption efforts into six key areas of focus and completed the project in just over a year. As a result all at-rest, or stored, data is now encrypted.
“We searched the country and were unable to find another company that has achieved this level of data encryption,” said Michael Lawley, vice president of technology shared services for BlueCross. “In addition to world-class information security technology, we have adopted even stricter policies and procedures that support our ongoing commitment to security. Our members can rest easier knowing we implemented this process to better protect their privacy.”
Data encryption is achieved through the use of algorithms, which convert normal, readable information into an indecipherable format, and secure keys, which allow only authorized users to convert the information back into a format they can use. This means that even in the event of a theft or some other security breach, no one would be able to read the data contained on BlueCross hardware, whether it was a computer, server or flash drive.
For more information on BlueCross’ data encryption efforts, visit <a href=http://"http://www.bcbst.com">www.bcbst.com/data.
Return to Press Releases