Following '09 Hard Drive Theft, $6 Million Effort Ensures All At-Rest Protected Health Information is Secure
BlueCross BlueShield of Tennessee has successfully completed a $6 million effort to encrypt all at-rest data throughout its enterprise, giving members peace of mind that their personal information is secure.
In October 2009, 57 hard drives were stolen from a BlueCross facility. The hard drives contained audio and video recordings related to customer service telephone calls from providers and members, and included varying degrees of personal information on about 1 million members. To date, there is no indication of any misuse of personal data from the stolen hard drives.
In response to the theft, BlueCross worked to comply with all regulatory requirements, including notifying all impacted members and providing free credit monitoring services to members at a higher risk of identity theft. Next, the company launched and has now completed a major initiative to encrypt more than 885 terabytes of at-rest data residing within the enterprise.
“The trust of our members is one of our most important assets, and the hard drive theft represented a serious threat to that trust,” said Nick Coussoule, senior vice president and chief information officer for BlueCross. “The lessons we learned from the theft led us to go above and beyond current industry standards, and our team has worked tirelessly to put new safeguards in place and encrypt all our at-rest data.”
The company began by completing an exhaustive inventory of all the points where data resides within the company, from computer hard drives to servers and removable media devices, such as USB drives and CD/DVD burners. BlueCross divided the encryption efforts into six key areas of focus and completed the project in just over one year. As a result, all at-rest, or stored, data is now encrypted.
“We searched the country and were unable to find another company that has achieved this level of data encryption,” said Michael Lawley, vice president of technology shared services for BlueCross. “In addition to world-class information security technology, we have adopted even stricter policies and procedures that support our ongoing commitment to security. Our members can rest easier knowing we implemented this process to better protect their privacy.”