Incident with vendor causes Blue Cross Blue Shield’s employees pension information to be breached

Incident with vendor causes Blue Cross Blue Shield’s employees pension information to be breached

https://healthitsecurity.com/news/bcbs-of-massachusetts-reports-third-party-vendor-data-breach

Exploit: Supply Chain Risk
Blue Cross and Blue Shield (BCBS) of Massachusetts: Insurance Company

risk-to-business-img-r1

Risk to Business: 1.701 = Severe

Blue Cross and Blue Shield (BCBS) of Massachusetts has filed a notice with the Maine Attorney General’s Office stating that the company had suffered a breach of employee pension data thanks to an insider incident at a vendor, LifeWorks US. BCBS of Massachusetts and BCBS of Massachusetts HMO Blue used the vendor for services related to employee pension plan payments. BCBS says that on May 17, 2022, a now former LifeWorks employee mishandled data by emailing spreadsheets containing identifiable information about BCBS employees to both their personal email address and the personal email address of another former LifeWorks employee.

risk-to-business-img-r1

Individual Impact:

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Supply chain risk is an ongoing problem that won’t be going away anytime soon, and cybercrime doesn’t even have to be involved for it to damage a business.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.