New Health Breach: 470,000 exposed

The nation’s largest health insurer has notified 470,000 insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in a breach of the insurer’s records.

Officials with WellPoint Inc., which runs BlueCross BlueShield plans in more than a dozen states, said last week that the problem stemmed from an online program that customers can use to track progress on their application for insurance coverage, according to a report by CBS News.

According to WellPoint officials, a California customer learned she could find private information for other customers by manipulating Web addresses used in the program. WellPoint officials said the problem happened when security measures weren’t reinstated properly following an October 2009 upgrade of the Web site and program.

WellPoint spokeswoman Cynthia Sanders said WellPoint officials learned of the problem when the customer filed a lawsuit against the company in March — and “within 12 hours of knowing the problem existed, we fixed it.”

Sanders said the company believes a "vast majority" of the unauthorized access of customer information came from the plaintiff and her attorneys.

WellPoint has sent letters to customers who may have been affected and offered a free year of identity theft protection services.

The WellPoint breach is only one of many that have occurred in recent years with health insurers. In one of the larger breaches, BlueCross BlueShield of Tennessee officials said earlier this year that personal information for almost one million current and former members was exposed last year after 57 BlueCross BlueShield computer hard drives were stolen from a Chattanooga customer service storage area.