Members who called BlueCross BlueShield to discuss eligibility or coordination of care were likely recorded on the stolen hard drives. All members would have had names and benefits ID numbers on the recordings, and some would also have Social Security numbers, birth dates and possibly diagnoses or diagnostic codes.

The information was not encrypted, according to BlueCross BlueShield officials. Those whose Social Security numbers and birth dates were recorded are at the greatest risk of ID theft. BlueCross BlueShield has said they’ll offer free credit monitoring services to those members.

The insurance giant has back up data from the stolen hard drives, and is combing through that information, identifying which members have been affected and their level of ID theft risk. As the research proceeds, current and former members will be sent the letters with contact information call centers where they can gather more information and report any instances of ID theft.

The data breach was discovered October 5, and is thought to have taken place at rough 6 PM the previous Friday. Blue Cross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee.

The data breach presents the possibility of massive medical insurance fraud, but the 187,000 doctors who used their Social Security numbers as tax ID numbers or provider numbers are most at risk of identity theft.

The unnamed employee, in dereliction of company policy, downloaded the database to his personal laptop to work on it at home. The computer was stolen from the employee’s car August 27 and the crime was reported to the Chicago police.

No patient information was in the file.

The file was encrypted while on the insurance company’s network according to protocol, but the employee unencrypted it before downloading it.

BlueCross BlueShield told their 39 affiliates about the data breach within a week of the incident, and left it up to them to notify physicians nationwide, but as of October 7, some of the doctors still had not been contacted, according to an article on amednews.com, a medical news site operated by the American Medical Association.

Roughly 90% of the nation’s physicians are in the BlueCross BlueShield network.

In a letter sent to the affiliates, BlueCross BlueShield said there was no evidence that the information on the stolen computer has been misused.

BlueCross Blue Shield is automatically providing a year of free credit monitoring to the doctors whose Social Security numbers were compromised. Other doctors interested in being covered by credit monitoring must request if from their affiliate.