The data breach presents the possibility of massive medical insurance fraud, but the 187,000 doctors who used their Social Security numbers as tax ID numbers or provider numbers are most at risk of identity theft.

The unnamed employee, in dereliction of company policy, downloaded the database to his personal laptop to work on it at home. The computer was stolen from the employee’s car August 27 and the crime was reported to the Chicago police.

No patient information was in the file.

The file was encrypted while on the insurance company’s network according to protocol, but the employee unencrypted it before downloading it.

BlueCross BlueShield told their 39 affiliates about the data breach within a week of the incident, and left it up to them to notify physicians nationwide, but as of October 7, some of the doctors still had not been contacted, according to an article on amednews.com, a medical news site operated by the American Medical Association.

Roughly 90% of the nation’s physicians are in the BlueCross BlueShield network.

In a letter sent to the affiliates, BlueCross BlueShield said there was no evidence that the information on the stolen computer has been misused.

BlueCross Blue Shield is automatically providing a year of free credit monitoring to the doctors whose Social Security numbers were compromised. Other doctors interested in being covered by credit monitoring must request if from their affiliate.

A recent study by the Ponemon Institute and Absolute Software Corp. revealed that 56% of business managers had disabled their computers’ encryption. Adding to the impact, 92% of IT security professionals said someone in their organization has lost their laptop or had it stolen. In 71% of those incidents, a data breach resulted.

The findings of this study echo those reported earlier this month by Verizon Business. Their data breach study found that 67% of the data breaches occurring in 2008 were aided by significant employee error; 83% were of no, low or moderate difficult; 81% of victim organizations were not Payment Card Industry Data Security Standard (PCI DSS) compliant.

While these revelations go a long way toward explaining the 285,000,000 records compromised in data breaches last year, they don’t explicitly prescribe means of identity theft protection for consumers, in what is obviously a Wild West zeitgeist.

LifeLock provides identity theft protection to nearly 1.5 million Americans, helping to protect them. Visit LifeLock.com to learn more about WalletLock, eRecon and TrueAddress—services and tools not available from any other identity theft protection service.