Medical firm's files with personal data stolen

July 13, 2005

By Matt Hanson, The Arizona Republic

The personal information of 57,000 Blue Cross Blue Shield of Arizona customers was stolen from a Phoenix-based managed care company.

Arizona Biodyne, an affiliate of Magellan Health Services that manages behavioral health for Blue Cross of Arizona, began last Friday notifying customers and providers whose information was lost in the latest theft in which financial, personal or medical records were taken.

The stolen information included policyholders' addresses, phone numbers, Social Security numbers and dates of birth. They also contained partial treatment histories for some patients and certain information about the doctors who provided that care, Biodyne spokeswoman Erin Somers said.

Most of the people at risk from the Biodyne theft live in Arizona. It is unclear whether the thieves knew what they had when they stole a safe.

Biodyne reported to police on June 29 that a safe containing computer backup tapes was stolen from its office at 8900 N. 22nd Ave., Suite 206.

"There was quite a bit of data on those computer backup tapes," said Somers, when explaining why it took more than a week to start notifying customers. "We wanted to take a hard look and a detailed look at the information that was backed up on the tapes."

Blue Cross is working with Biodyne to notify people whose information might have been in the safe, Blue Cross spokeswoman Regena Frieden said.

"If people's information had been included on the tapes, then they would have received or will receive a letter from Arizona Biodyne," Frieden said.

Biodyne also set up a toll-free number and an e-mail account to answer the questions of people whose information was stolen.

The company declined to make the number and address public, fearing that people who are not at risk would flood them with requests and slow response time to those whose information was stolen.

Joy, who received the notification letter and asked that her full name not be used, said it instructs her to contact a long list of companies and government organizations to make sure her information has not been misused.

"I'm going to call the (Arizona) Department of Motor Vehicles, my bank and all my financial institutions and all the credit agencies," said Joy, who works at a medical office in Mesa.

She added that she has been watching her credit-card statements closely since the financial data breach reported by Atlanta-based CardSystems Solutions Inc. last month.

Biodyne and Blue Cross said it is not clear whether the people who took the safe did so with the intent to use people's personal information.

"Nobody knows whether this information has been accessed, can be accessed or that the thieves even knew what was in the safe," Frieden said.

This is the first time a company working with Blue Cross has had such a problem, she added.

But several other companies have reported personal information stolen in recent months, during a time when concern for identity theft is on the rise.

Even large, high-profile corporations have been hit by major data breaches during recent years. Citigroup Inc., Bank of America Corp. and DSW Shoe Warehouse are among the national companies that have fallen victim.

The last leak in Arizona happened just last month at the Tucson office of CardSystems. The company, which processes credit-card transactions, told the FBI on May 23 and then made public on June 17 what was perhaps the largest data breach in history.

A computer hacker stole the card numbers and three-digit security codes of 40 million cardholders.

Two years earlier, thieves stole computer hard drives from the Phoenix office of TriWest Healthcare Alliance. These computers contained medical records and Social Security numbers for more than 500,000 military personnel.

The best that Biodyne can do for now is to educate those who are at risk, Somers said.

"We want people to be aware of that fact and know what to do if they are concerned," Somers said.

main page ATTRITION feedback