Cyber Incident Victim: Regence BlueShield of Idaho

Date: Mar 2019

Location: United States of America

Summary

Blue Cross of Idaho experienced unauthorized access to its provider portal, where an attacker attempted financial fraud and accessed protected health information. The compromised data included member names, enrollee numbers, service dates, provider details, claim information, and payment data, but excluded Social Security numbers, financial account details, and medical diagnoses. Approximately 1% of members were affected. The organization halted the fraud, secured the portal, notified the FBI for investigation, and engaged cybersecurity experts. Affected members received new ID cards and offers for credit monitoring services as precautionary measures.


Description

On March 21, 2019, an unauthorized individual gained access to Blue Cross of Idaho Health Service's online provider portal with the intent of fraudulently redirecting a provider financial transaction. The organization detected and halted the attempted financial fraud on the same day, subsequently securing the compromised portal. By March 22, 2019, investigators confirmed the intruder had accessed provider remittance documents containing protected health information (PHI) for approximately 1% of the insurer's total membership. The exposed data included member names, enrollee/subscriber numbers, dates of service, healthcare provider names, provider patient account numbers, claim numbers, claims payment details, and medical procedure codes. No Social Security numbers, driver's license information, banking/credit card details, or medical diagnosis data were compromised in the breach.

Blue Cross of Idaho immediately notified the Federal Bureau of Investigation (FBI), which initiated an active investigation into the incident. The organization engaged both internal cybersecurity teams and external experts to conduct forensic reviews of the provider portal and associated financial systems. As a protective measure, the insurer began issuing new member ID cards with updated identification numbers to all affected individuals within seven to ten business days, while establishing dedicated phone support for members experiencing benefit access issues during the transition. All impacted parties received notification letters with enrollment instructions for complimentary three-year credit monitoring and identity theft restoration services. The organization advised members to scrutinize Explanation of Benefits statements for unauthorized healthcare services and monitor financial accounts for suspicious activity, despite confirming no banking or payment card information was exposed. Security enhancements to the provider portal and ongoing cooperation with federal investigators formed the core of Blue Cross of Idaho's containment strategy following the breach.
