Finding out your healthcare information was compromised in a data breach is not unlike getting sucker punched. Recently, Blue Shield of California (BSca) experienced a breach and as a result, any number of their 5 million members did as well. The healthcare company recently released a data breach notice answering many of the questions their members want and need explained.

Why It Happened

BSca learned the incident happened between April 2021 and January 2024 (Whoa! That’s a big range) and may have involved those who visited their websites during then. They began notifying “certain members” that their protected health information (PHI) may have been involved. The PHI collected includes types of insurance and group number; city and zip code; patient name and financial responsibility.

The healthcare company did use a third-party vendor service to track members visiting Blue Shield websites, all to improve member services. BSca reports there was no compromise of PII like Social Security and driver’s license numbers, and the same goes for banking and credit cards.

What Happened

The third-party vendor BSca used to track member data is Google Analytics. The way this Google service was configured allowed their Analytics to share certain member data with Google Ads. Knowing a hacker wasn’t behind the breach and the data stayed within Google, is reassuring news. Fortunately, it was a kind of “breach of trust” and nothing malicious. Members might find some comfort in that, but only time will tell.

This and many other data breaches are a reminder of what can happen when the information you provide an organization is out of your hands and into theirs. In particular, hackers like targeting third-party services for the sensitive data they hold, and many lack the proper security to avoid a breach.

Below are a few steps BSca says members should do to protect themselves in a breach situation. These steps are also valuable if you find yourself a victim of any data breach.

• Closely review account statements and credit reports, looking for any suspicious activity. Immediately inform the financial institution or company about the affected account, as well as law enforcement.

• Get a copy of your credit report. You can get one free once a year, or contact one of three credit agencies to purchase a copy of your report. You can also go to annualcreditreport.com to order them.

• Members should consider putting a fraud alert directly on their credit report. The first one is free and lasts about 90 days while also alerting creditors of possible fraudulent activity.

• Consider freezing your credit. You freeze and unfreeze at any time at no charge. If it’s frozen, it will prevent credit being opened in your name by anyone, even you. So, keep that in mind if you need to get a loan, for example.

• As data breaches continue to increase everywhere, keeping a regular check on your finances can alert you if you’re involved in one…and don’t wait to take action.