Blue Cross Blue Shield Of Georgia Sends 202,000 Letters Containing Personal Information To The Wrong Addresses

Well, if you’re having a bad day at work, rest assured that someone in Georgia is having a worse one. The Journal-Constitution is reporting that 202,000 Blue Cross Blue Shield of Georgia customers had their personal information exposed, including (in some cases) their social security numbers, thanks to an error in the computerized mailing system. The system was apparently used before it was tested.

“As soon as we became aware of the mailing error, we worked to determine the exact cause, and we have made changes to prevent it from happening again in the future,” said a Blue Cross Blue Shield spokesperson.

BCBS’s parent company also said that it is in “the process of removing all Social Security numbers from such future mailings.” The state of Georgia is requiring the insurance company to notify all those whose information was compromised and offer them one year of credit monitoring. You know, at the rate these data breaches are happening, we’ll all have free credit monitoring pretty soon.

Here’s what the AJC says you should do if this breach affects you:

Policyholders who received an incorrect EOB should contact Blue Cross’s dedicated toll-free number at 866-800-8776 between 7 a.m. and 9 p.m. Monday through Friday. Members who may have received an EOB of another individual should return it to Blue Cross. The company will provide a postage-paid envelope.

Private medical data exposed [Journal-Constitution](Thanks, Matt!)


Edit Your Comment

  1. DeadlySinz says:

    Time to sue lol.

  2. tedyc03 says:

    Oh no biggie. I accidentally mail people with my automated mailing software without testing all the…


    Dev/Staging/Prod, people. Dev/Staging/Prod.

  3. mariospants says:

    Incroyable. Might as well be mailing your checkbook to people.

  4. Kevino says:

    I see that the Health Care system works normally across the US. I’ve been in the Health Care IT business for 8 years now and 85% of the new projects are pushed into live status before they’re ready.

  5. Rectilinear Propagation says:


    @tedyc03: Yes. Yes they are.
    They were incapable of even mailing me an insurance card in the 4-5 months I had insurance with them through my employer.

    I’d say their mailing system has been screwed up for years.

  6. moviefan2020 says:

    Slightly similar (but different) event happened at University of Maryland.

    Excerpt from letter sent to students:
    “On July 1,2008, the University of Maryland’s Department of Transportation Services sent all registered students, by U.S.mail, a brochure with on-campus parking information. On July 8, 2008 the University discovered that the labels on that mailing included the addressees’ Social Security numbers.”

    This kind of stuff happens way too often.

  7. Shappie says:


    LOL to that!!

  8. hellinmyeyes says:

    This is just ridiculous. I do the data work for a company that does several hundred thousand mailings a season like these, and it takes some real effort to cause a SNAFU like this. It really does take effort. I understand employees are always under the gun to produce results, but come on. *rolls eyes* I like BCBS but they really should pay through the teeth for this one. This kind of stuff (like the two states earlier this year who mailed SSN’s on the fronts of envelopes) should be punished extensively.

  9. MissPeacock says:

    This may be a dumb question, but couldn’t they be on the hook for some kind of HIPAA violation? An EOB often contains detailed information about a procedure that was performed in a doctor’s office, and if it was sent to someone who was not specified on the form you sign at the doctor’s office, doesn’t that break HIPAA? Or is HIPAA something that mainly pertains to doctors and not to insurance companies?

  10. jenl1625 says:

    You know, at the rate these data breaches are happening, we’ll all have free credit monitoring pretty soon.

    Don’t count on it doing any good. My “free credit monitoring” was Debix. I set it up, then bought a car. Never got a call from Debix . . . . 11 months later, while still “monitored by Debix” had to replace the car (after it was totaled). Again, bought a car without so much as a twinge from my “credit monitor” . . . .

  11. formatc says:

    @MissPeacock: HIPAA does apply, and the article does mention it.

  12. MissPeacock says:

    @formatc: Thanks!

  13. PinkBox says:

    As if the free credit monitoring means anything when you can’t do anything to get rid of the resulting debts that incur?

  14. amed01 says:

    @tedyc03: Yes … yes, yes, yes we are! And we’re sensitive too … so no making fun!

  15. Veeber says:

    Hmm… The tip I sent in about University of Maryland mailing out our SSNs didn’t seem to make it. I wonder if its the same software vendor.

  16. oneon says:

    the system that bcbsga uses to send eobs was just swiched to a company in ohio and only medicare members had there ssn sent out.

  17. Wasn’t it the state of Wisconsin that put the SS# for the person being mailed on the front of the envelope? And didn’t they do this twice?

    At least BCBS kept it on the inside. Small victories!

  18. Phexerian says:

    @MissPeacock: If any data was sent regarding actual health care, then yes HIPAA was violated. They should be fined quite a lot of money if that is the case.

    -3rd Year PharmD / MBA Candidate

  19. douglasmcstewart says:

    @Phexerian, MissPeacock: Name and Address does not count as PHI according to HIPAA, but Social Security Numbers do. And an EOB is full of personal health care information. An Explanation of Benefits is a document that shows exactly what procedures were performed and how much the insurance company paid for them.