Anthem BlueCross BlueShield began notifying customers last week of a breach affecting about 18,000 Medicare members. The breach stemmed from Anthem’s Medicare insurance coordination services vendor LaunchPoint Ventures, based in Indiana.

LaunchPoint discovered on April 12 that an employee was likely stealing and misusing Anthem and non-Anthem data. The employee emailed a file containing information about Anthem’s members to his personal address on July 8, 2016.

The file contained Medicare ID numbers, including Social Security numbers, Health Plan ID numbers, names and dates of enrollment. Officials said limited last names and dates of birth were included.

[Find out what experts at Healthcare Security Forum are talking about in Boston Sept. 11-13. Event schedule.]

The employee has since been fired and is under investigation by law enforcement for other matters unrelated to the Anthem email.

In addition to a forensic investigation, LaunchPoint is working with law enforcement and reevaluating existing security policies and safeguards to prevent a similar event in the future.

Both LaunchPoint and Anthem are contacting all affected individuals. LaunchPoint is also providing two years of free credit monitoring and identity theft restoration services. Anthem reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights and the media.

[Also: The biggest healthcare breaches of 2017 (so far)]

This is Anthem’s second breach in the last two years. The company settled with members in June for $115 million, following a 2015 cyberattack that breached the data of 78.8 million plan holders.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn