WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's records, says an AP report.
The Indianapolis company said the problem stemmed from an online program customers can use to track the progress of their application for coverage. It was fixed in March. Spokeswoman Cynthia Sanders said an outside vendor had upgraded the insurer's application tracker last October and told the insurer all security measures were back in place. But a California customer discovered that she could call up confidential information of other customers by manipulating Web addresses used in the program.
Customers use a Web site and password to track their applications. WellPoint learned about the problem when the customer filed a lawsuit about it against the company in March.
WellPoint is the largest commercial health insurer based on membership, with nearly 34 million members. It runs Blue Cross Blue Shield plans in 14 states and Unicare plans in several others. Sanders said the insurer notified customers in most of its states. That includes about 230,000 customers of its Anthem Blue Cross subsidiary in California.
Two years ago, WellPoint offered free credit monitoring after it said personal information for about 128,000 customers in several states had been exposed online, the report says. In 2006, backup computer tapes containing the personal information of 200,000 of its members were stolen from a Massachusetts vendor's office.
WellPoint's latest breach affected only individual insurance customers and not group coverage or people who buy Medicare Advantage insurance. The company will provide a year of free credit monitoring.
I want to hear from you. Tell me how we can improve.
This month in Security magazine, we highlight COVID-19 and infosec's response. How has the sudden shift to remote work changed the roles of CISOs and security teams? Also this month, we profile Justin Dolly, CSO at Sauce Labs, his view on infosec and building security teams. In addition, security experts discuss continuous monitoring, radicalism, quantum technology, endpoint security and more.