Emailing error causes former Blue Cross Blue Shield customers to receive claims | The Hill

Emailing error causes former Blue Cross Blue Shield customers to receive claims
BY JOSEPH CHOI - 02/03/23 4:41 PM ET
SHARE
TWEET

Getty Images
Many former customers of Blue Cross Blue Shield (BCBS) health plans woke up on Friday to discover they had been notified of insurance claims despite not being covered by the provider for some time, causing concerns that a security breach could have leaked customer information.

Several people on social media on Friday reported receiving insurance claim notifications from Health Care Service Corporation (HCSC), the licensee for BCBS in five states: Illinois, Montana, New Mexico, Oklahoma and Texas. The last time these former customers reported being covered by HCSC ranged from some months to years.

Some expressed concerns that these erroneous emails were phishing attempts while others were simply confused by the sudden notification so long after they had been covered by BCBS.

Copies of the claims shared online showed that the claims were reported to be recent and some former customers reported receiving more than one claim.

“I have two claim notifications on insurance I haven’t had/used in 9 months & their login website is down this morning to ask anybody why,” one former customer wrote on Twitter. “I’m not sure if it makes me feel better or worse that others are having the same problem. Data breach? Personal information compromised?”

House unanimously approves resolution condemning China for spy balloon
Chinese balloon had antennas, solar panels: reports
HCSC said in a statement to The Hill, however, that the notifications these individuals received were due to an error within the company and were not indicative of a security issue.

“Starting on Feb. 2, we sent claims notification emails to some current and former members in error. Those emails generated high traffic into Customer Service and our member-facing site and app, which has created longer hold times and sluggish service,” an HCSC spokesperson told The Hill.

“We have completed our review, and we have no evidence that these system issues are due to malicious cyber threat activity. We are also not aware of any improper disclosure of personal health information,” they added. “Members do not need to take any action.”