skip to Main Content
Talk to a Security Expert Now: (800) 721-9177

IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.

Contact Us

A Blue Note: Looking Deeper at the 2009 PHI Breach at BlueCross BlueShield Tennessee

Did BCBST get off easy? Well, they certainly did a good job of damage control. But in today’s environment, I doubt anyone could follow suit. BCBST very likely benefitted from HHS/OCR not being in position to immediately enforce the Breach Rule given that the HITECH Act itself has only just been enacted a few months prior to the breach. Now, some 2½ years later, they’ve had a chance to implement a stronger IT security program, including the encryption of its PHI data-at-rest, a step we at Redspin strongly advocate. Also, no cases of ID theft or fraud have come to light as a result of their breach.
Read More
Back To Top