Young Consulting and Blue Shield of California Under Investigation for Data Breach of Over 954,000 Patient Records
Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the private information of 954,177 subscribers of Blue Shield of California, a California-based healthcare provider, which were provided to Young Consulting LLC, a Georgia-based risk-management firm.
On or about August 26, 2024, Young Consulting announced that an unauthorized actor gained access to its computer network in April 2024 and downloaded copies of certain files. Young Consulting determined that this data belonged to Blue Shield of California subscribers.
According to news reports, in early May, the BlackSuit ransomware gang added Young Consulting to its Tor-based leaks site, claiming that it had stolen business, employee, financial, and other data. BlackSuit has since reportedly made that stolen data available for download on its website, likely because Young Consulting did not pay a ransom.
Young Consulting has informed Blue Shield of California subscribers that the following private information may have been stolen in the breach: names, Social Security numbers, dates of birth, and insurance claim information.
Although the breach occurred over four months ago, Young Consulting and Blue Shield of California only began notifying impacted subscribers on or around August 26, 2024, which may have violated state and federal laws.
If your private information was stolen in the breach, you may be at risk of identity theft, financial fraud and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to the companies’ cybersecurity practices.
If you received notification of this data breach or are a Blue Shield of California subscriber and wish to obtain additional information about your legal rights, please complete the form below.