https://healthitsecurity.com/news/bcbs-of-massachusetts-reports-third-party-vendor-data-breach
Exploit: Supply Chain Risk
Blue Cross and Blue Shield (BCBS) of Massachusetts: Insurance Company
Risk to Business: 1.701 = Severe
Blue Cross and Blue Shield (BCBS) of Massachusetts has filed a notice with the Maine Attorney General’s Office stating that the company had suffered a breach of employee pension data thanks to an insider incident at a vendor, LifeWorks US. BCBS of Massachusetts and BCBS of Massachusetts HMO Blue used the vendor for services related to employee pension plan payments. BCBS says that on May 17, 2022, a now former LifeWorks employee mishandled data by emailing spreadsheets containing identifiable information about BCBS employees to both their personal email address and the personal email address of another former LifeWorks employee.
Individual Impact:
No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Supply chain risk is an ongoing problem that won’t be going away anytime soon, and cybercrime doesn’t even have to be involved for it to damage a business.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.