Blue Shield of California Notice Regarding Data Breach at Third-Party Vendor

SAN FRANCISCO, February 15, 2019 – Blue Shield of California has been notified that a vendor providing claims related services to the company has had its computer servers unknowingly accessed by an unknown third-party last year.

The breach of computer servers at Sharecare Health Data Services occurred between May 21and June 26. Sharecare Health Data Services LLC notified Blue Shield of California about this breach on Dec. 31. The incident is under investigation by authorities.

Sharecare provides data services such as medical records management services to doctors and other health care professionals. There is no evidence that any individual’s social security number, driver’s license number, clinical medical information, or banking and credit card information was accessed. About 18,000 plan members were affected across the state.

Blue Shield contracts services from Sharecare to obtain information contained in medical records to pay claims related to treatment or for other healthcare operations purposes. The protected health information that was accessed included the individual’s name, address, date of birth, subscriber identification number, name and address of a clinic or facility that provided health services and, in some instances, the name of the health care provider, the individual’s medical record number and internal Sharecare processing notes. Blue Shield has begun notifying, by letter, plan members who were affected.

Blue Shield takes this situation seriously and is committed to protecting the privacy of its members. Blue Shield is working with Sharecare to ensure that Sharecare’s increased cybersecurity protections meet Blue Shield’s strict cybersecurity requirements. Blue Shield will provide all impacted individuals with free credit monitoring and identify repair services from AllClear ID at no cost to the affected members.

Blue Shield has also reported the breach to the Centers for Medicare and Medicaid Services, the Department of Health and Human Services Office for Civil Rights, and the California Attorney General’s office as required by federal and state breach notification laws.


Blue Shield Contact: