Your health insurance company has a lot of information about you. That's no surprise. Health insurance providers need access to all sorts of personal medical information to provide us with the services we pay for. And we trust that they'll keep that information safe. But one recent Blue Cross email snafu put sensitive customer medical information where nearly anyone could see it.
Earlier this week, some customers got emails from Anthem Blue Cross that accidentally included sensitive personal information in the subject line. Anthem Blue Cross is a subsidiary of Wellpoint and has about 800,000 customers in California.
But the emails’ subject lines included member-specific demographic details like age range and language. They also listed possible medical screening tests — marked “Y” for recommended tests and “N” for tests not listed in the email.
One Anthem Blue Cross subscriber received an email that started normally with the subject "Don’t miss out — call your doctor today." But following that statement, the subject line also included information about her cervical cancer, mammogram and colonoscopy history.
These customers were sent personal information about themselves, so it might not sound like a big deal. But it actually is a fairly serious security problem.
This situation is a problem because an email subject line is much easier to compromise than your health insurance company's servers where most of your information is stored. In fact, many health insurance providers are setting up portals online where you can read your messages instead of relying on email.
This is scary because you don't want your medical history falling into the wrong hands. Health insurance companies also have access to billing and Social Security information, so you don't want that kind of data accidentally included in a hackable email, either.
“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.
Email is a great and efficient way to communicate with people online, but I would always shy away from sending sensitive personal information or banking info in an email because most programs just don't have the security required for those kinds of messages. But if you do need to send sensitive info over email, use this service that sends encrypted messages that self-destruct after they're read.