Rx for anxiety: Stolen laptop
By KATHRYN MARCHOCKI
New Hampshire Union Leader Staff
Wednesday, Nov. 4, 2009
Anthem Blue Cross and Blue Shield in New Hampshire warned about 10,000 local physicians, dentists and other providers their Social Security numbers may be in a file that a national-level employee transferred to a personal laptop computer that was later stolen.
Blue Cross Blue Shield Association said the employee's actions violated its data security policies and were not authorized. The company took full responsibility for the incident, Anthem Blue Cross and Blue Shield in New Hampshire said yesterday in a letter it mailed its local providers.
"It's critical to stress the breach did not happen at Anthem Blue Cross Blue Shield in New Hampshire. It occurred at the national level," Anthem Blue Cross Blue Shield spokesman Christopher R. Dugan said.
The breach also did not involve any member health information or personal health information, Dugan said.
Blue Cross Blue Shield Association recently notified Anthem Blue Cross and Blue Shield in New Hampshire, its local licensee, of the breach, the letter said.
A national-level employee transferred provider data -- including providers' names, addresses, tax ID numbers, Social Security numbers and National Provider identifiers -- from the BCBSA Provider Data Repository to a personal laptop to complete work-related analyses, the letter said.
Anthem Blue Cross and Blue Shield has been assisting the national association with identifying New Hampshire providers impacted by the breach, Dugan said.
"We have notified approximately 10,000 providers (including dentists and mental health providers) in the state because we are erring on the side of caution to protect the providers and ensure they have access to credit monitoring and are more aware of any suspicious activity," Dugan said.
Palmer P. Jones, executive vice president of the New Hampshire Medical Society, said the breach would affect any provider who bills Anthem Blue Cross Blue Shield. This would include physicians, registered nurse practitioners, nurses, podiatrists and opticians.
Providers have been using their Social Security numbers to bill the insurance company, Jones said. Many companies are moving to a National Provider identifier, he added. But the transition has been slow and both numbers are in a provider's file, Jones said.
"That is the biggest concern our members have right now," Jones said of Social Security numbers being revealed. The society represents about 2,200 licensed New Hampshire physicians.
Blue Cross Blue Shield Association is offering affected providers free credit monitoring for one year.
That did little to calm one New Hampshire doctor who said this is the fifth time her personal information has been lost or revealed by an insurance company, Medicare or a state licensing board.
"It's unconscionable. Federal law protects patient health information. There needs to be a way to protect providers from this kind of breach of privacy," said the doctor, who spoke only on condition her name not be used because she feared that would make her a greater target for identity fraud.
Providers must supply insurance companies and Medicare with their Social Security and other identifying information in order to bill them for services, the doctor explained.
"If that is revealed, we have no recourse other than to monitor our credit," she added.
"This is only the tip of the iceberg that is only affecting doctors this time. If we go to an electronic health system, I'm worried it will expand to health information and private information about patients," she said.
Jones said he believes the laptop was stolen about three weeks ago.
"The question we all have is, why did they wait so long to notify people?" he asked.
While Anthem Blue Cross and Blue Shield did not specify when the theft was discovered, Dugan said: "It took the association some time to get us the data and the codes needed for credit monitoring."

Reader comments
Just to clarify a misunderstood point by those commenting:
"Blue Cross Blue Shield Association recently notified Anthem Blue Cross and Blue Shield in New Hampshire, its local licensee, of the breach, the letter said."
The article sounds like the data breach occurred at the BCBS National Association level, which is NOT Anthem BCBS of NH, nor is it WellPoint.
Anthem/WellPoint belong to the National BCBS Association as do other non-Anthem/WellPoint owned BCBS plans in some states, and Anthem NH was then warning their providers of data that was compromised.
- Joe C, Manchester
What ever happened to using a flash drive or removable hard disk drive?
Pure laziness is the issue.
- James Kocinski, Nashua, NH
Josh, you are so right! Windows stinks! 90% of the world has it completely wrong. It is far superior to have little to no way of ever making repairs to your computer like in the case of a Mac. We should be relying on overpriced tech support to do that job for us. Plus, we should enjoy spending so much more money for our PCs! And don't forget all of the amazing business software you can get for the Mac, and the strength of Apple servers.
- Frank, Manchester
You are off base. It is the FILE SYSTEM and hence the core that is inherently insecure on a windows computer. The FILE SYSTEM on a Mac, like Unix, is inherently secure. It is not dependent on software.
On a Windows machine you can go in through the bios during boot up and bypass any password. You can't even boot up a Mac without the password, there is no access to the bios. Windows = insecure, Mac = secure.
The conversation certainly is about Windows - it stinks.
- Josh, Dover
To Matt-Concord:
This is not the fault of BCBS solely- this is ultimately and dually the fault of the employee who had access to downloading information and CHOSE TO PUT IT ON A PERSONAL LAPTOP.
People working at Anthem have to sign agreements on understanding how they can handle sensitive information and how it can and cannot be used. This employee whoever they are, downloaded information to a laptop that Anthem did not approve nor authorize -
The MAIN question here is this: did Anthem pick up on the fact an authorized download was sent to an unauthorized laptop, and failed to address it with the employee, or did the employee have to come forward because he/she hadn't been caught yet? There is a lot missing from this article that I would be questioning, as a Medical Biller.
Anyone who bills insurance must provide certain pieces of information on a medical claim - one of which the provider has a choice depending on how they are set up: A Tax ID or a Social Security Number. This is only one identifier among a few that must be used in order for a claim to be submitted let alone process with the insurance.
This is no different than your payroll department needing your SS# to do payroll.... so you can get your tax information to file taxes at the end of the year. Same thing for Providers - but the use of the SS# or Tax ID has multiple needs and uses.
As far as the claim goes, without that information on a claim, the claim gets rejected - the doctor/office doesn't get paid, and they have to edit the claim all over again to add that missing information and hope that was the only thing wrong with the claim.
Providers have to rely on insurance companies to watch over THEIR sensitive information for them and unfortunately with Anthem: a very large entity in the insurance industry - this doesn't bode well for them at all.
- Anonymous Medical Biller, Manchester, NH
B. Bronard,
Unless you use some sort of encryption on a Mac or a Windows machine, they are both insecure to a physical attack.
Let me repeat that, if someone physically has your machine in their hands, the only thing that will prevent them from accessing everything on your HD is encryption.
Macintosh has FileVault, and by default, it is off. It also does not fully encrypt your entire hard drive.
I agree that out of the box, Windows has even less... BUT neither part of this matters.
BCBS is at fault.
A) If the user was authorized to access the data, they should never have been able to move it off a secure system.
B) If the user was authorized to move the data, it should have been encrypted at every point.
This is not a conversation about Windows vs. Mac. This is a problem with BCBS's security procedures.
- matt, Concord
Jim H,
Why not? After all Manchester is the center of the universe. You being from the planet Uranus most likely didn't know that.
- David, Manchester
Funny how everyone presumes a computer is a computer is a computer and blame it on the user.
In fact it's the Windows operating system that is at fault, it is inherently not-secure and unable to be secured, from the word go. The data on a Mac is inherently safe, for fundamental computer design reasons that would take some time to explain. No viruses either.
The Windows computer market is reminiscent of how we were sold all the GM bill-of-goods unsafe rust bucket cars for so long. A Caddy was a Chevy with $1100 of trim slapped onto it but cost $5000 more. Marketing junk made GM so rich it could give a superb set of benefits to employees. In Microsoft's case it created the richest man on Earth.
People eventually figured out there were MUCH better cars from Japan. Now GM whistles a tune as the political right tries to blame its failure on its employees' union. That's the "free market" for you.
Next time some theoretical libertarian takes a minute from scratching lottery tickets and tries to lecture you about the superiority of the nonexistent, "free market" feel free to laugh in his face.
- B. Bronard, Keene
Tracey,
It is the fault of BCBS because it should not have been possible for the employee to move the data to their personal laptop. Period.
- matt, Concord, NH
Chris - it was not encrypted because it was a PERSONAL laptop.... how is that the blame of BCBS?
- tracey, manchester
Bill - I didn't exonerate the employee. I stated that they are also at fault. But to fix the overall issue the firing of one person is not all that needs to be done. If employees have access to company confidential information BCBS should ALSO be on the hook for putting processes in place to prevent UNAUTHORIZED activities! This is not shifting blame it is as they are BOTH to blame.
- Chris, Manchester
David,
I don't think they are going to fly whoever, from wherever, to stand on Elm St in Manchester, NH. You must not understand how large Anthem/WellPoint really is, and what a major leak this is.
- Jim H, Manchester
Jose H. has the best idea. This is a logical way to put the cost of this on the insurance company.
- Mr. A, Manchester
Life has risk. This is the life we live in. If you can't handle it. Go live in a cave.
Monitor your credit. Hope for the best. I am sure you will soon have something else to cry about.
- Mr. A, Manchester
George in Henniker - please read the article again. It was not a local Anthem BCBS employee. Anthem associates do have encryption software on all company issued equipment - including laptops. This was most likely someone at the national association office who downloaded a file onto his corporate laptop to do some work at home. Doesn't make it any better...but let's not jump on folks who are not at fault here.
- Linda, Keene
When personal information which could lead to identity theft is lost in a breach such as this, those responsible for the breach should be on the hook for lifetime credit monitoring for the victims, not a measly one year. If service providers don't want this responsibility, they can get out of the business or learn how to do business without compromising the identities of their customers.
- Jose H., Manchester, NH
"....a national-level employee transferred to a personal laptop computer that was later stolen."
Why in the world would Anthem Blue Cross and Blue Shield allow an employee to transfer any file onto their PERSONAL computer?
Negligence can't even describe this incident.
- George, Henniker
Is this not yet another perfect reason for why these careless companies should NOT be able to use our SS numbers in the first place? WHY are we STILL having to give out our number?
- jay a, brentwood
Chris, blame BCBS for an employee's gross violation of company policy?
Come on! Stop trying to shift blame to the "other guy"!
- Bill, Candia
Dale, I don't see how this is a violation of HIPAA. They said health information was not on the laptop, it was the providers' social security numbers and personal information. That doesn't violate HIPAA.
- B, Manchester, NH
Talk about a major violation of H.I.P.A.. If this employee hasn't been canned yet, they should be.
- Dale A., Manchester
So what are they going to do to repay the providers? I would like to recommend just paying claims for services provided and not automatically denying each and forcing both providers and patients to run the gauntlet... Just a thought!
- Kelly, Bristol
Yes the employee is partially at fault if this is not an authorized activity (to copy these files locally to a laptop). However, the bigger concern is why the laptop did not have encryption software installed that would have made this a non-issue in the first place. The main blame and accountability should fall on BCBS's security practices.
- Chris, Manchester
Passing laws doesn't protect your information. SSN should not be an identifying number used everywhere. It cannot be made secure.
- Cathleen, Center Barnstead
The person who transferred the files to the personal laptop should be fired and made to stand on Elm Street with a sign that says "Look at me I'm an idiot"
- David, Manchester