Blue Shield of California reports MOVEit related data breach, exposing patient data

Blue Shield of California experienced a cyberattack by the Clop ransomware group, resulting in the theft of sensitive member data from a server managing vision care data between May 28 and May 31. The attack exploited a vulnerability in the MOVEit file-transfer tool, used globally for secure data transfer

The breach, discovered by a third party vendor in August and reported to Blue Shield in September, compromised members' personal information including:

• names,
• birth dates,
• Social Security numbers,
• addresses,
• vision health care details.

The number of affected individuals is not disclosed.

Update - at the end of 2024, Blue Shield reported that they have sent out data breach notification letters to 650,000 individuals.

Following the breach, Blue Shield has set up a dedicated call center and offered free credit monitoring with identity restoration services to affected members.