Social Security numbers for nearly every doctor in North Carolina were stolen this summer, but many just recently found out about the security breach.
Doctors received letters from Blue Cross Blue Shield of North Carolina this month telling them that an employee for the national business affiliate in Chicago transferred their names, tax identification numbers, and numbers used for billing to a personal laptop that was later stolen. In about 20,000 cases, North Carolina doctors used Social Security numbers as tax identification numbers.
Nationwide, about 18 percent to 22 percent of doctors use Social Security numbers as tax IDs, said Kelly Miller, spokeswoman for the Blue Cross Blue Shield Association. As of Monday, no one had reported illegal use of personal information, she said. The association is the national group to which the state Blue Cross Blue Shield companies belong.
The security breach affected all doctors that do business with Blue Cross Blue Shield of North Carolina, the state's largest health insurer. North Carolina has 21,641 licensed doctors, according to the N.C. Medical Board.
The laptop, stolen from a car in Chicago, had information on 850,000 doctors nationwide. Information on the laptop was not encrypted. The employee reported it stolen in late August.
The national Blue Cross Blue Shield group is offering doctors whose Social Security numbers were stolen, including the 20,000 in North Carolina, free credit monitoring.
No patient information was on the laptop, said Lew Borman, spokesman for Blue Cross Blue Shield of North Carolina. It would be impossible to fraudulently bill for medical services using the stolen information, he said.
"We're making moves to inform folks of what their opportunity is for credit monitoring," he said. "Obviously, it's a great concern."
Miller said the national affiliate told the state offices about the security breach as soon as they found out about it in August. Some state doctors did not hear about it, though, until mid-October, when the state office sent them letters.
Borman said the office needed time to cross-reference addresses to make sure it didn't send duplicate letters.
The office asked professional associations, including the N.C. Medical Society, the N.C. Hospital Association, and an association for office managers to spread the word about the security breach before the formal letters went out, he said.
Word still hadn't reached everyone. Carolyn Scruggs, executive director of the Mecklenburg County Medical Society, said Monday she had not heard of the security breach.
The N.C. Medical Society posted the Blue Cross notice as it was asked, spokesman Mike Edwards said, but it has not offered doctors advice on how to respond to the problem.
When he heard about the stolen data, the president of the Massachusetts Medical Society, Dr. Mario Motta, suggested doctors who use their Social Security numbers for tax identification change their tax IDs.
It's easy to change the number, Motta said. The problem is that once a doctor switches, it takes more time for insurers to pay claims, he said.
"They should make every effort to make this as seamless as possible," he said. "This isn't a request just for convenience. This is a request because they had a breach."
