Blue Shield of California and MESVision Under Investigation for Data Breach of Over 1 Million Patient Records
Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the sensitive personal and health information of over one million patients of Blue Shield of California, a California-based healthcare provider, and Medical Eye Services (“MESVision”), a vision-benefits manager.
According to Blue Shield of California, the company provided its patient records to MESVision, a third-party vendor that manages its vision services. MESVision then used a third-party file transfer program called MOVEit, which attackers exploited using a security vulnerability reportedly present in software versions dating back to 2021. On May 28 and 31, 2023, hackers accessed MESVision’s systems and stole the private personal and health information of Blue Shield’s customers, as well as the customers of other health insurers.
Blue Shield of California recently informed patients that the following personal and health information may have been stolen in the breach: names; birthdates; addresses; subscriber and group numbers; Social Security numbers; and vision provider information, including ID and claim numbers, treatment and diagnosis information, and cost data.
Although the breach occurred over three six months ago, Blue Shield of California and MESVision only began notifying impacted patients on or around November 17, 2023, which may have violated state and federal laws.
If your personal information was stolen in the breach, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages of $1,000 per violation and an injunction requiring changes to Blue Shield of California’s and MESVision’s cybersecurity practices.
If you received notification of this data breach or are a patient of Blue Shield of California and wish to obtain additional information about your legal rights, please complete the form below for a free legal consultation.