Investigation into data breach involving Blue Cross Blue Shield members could head to court - DataBreaches.Net

Investigation into data breach involving Blue Cross Blue Shield members could head to court - DataBreaches.Net

Briefly

"BCBSMT, the largest health insurance provider in Montana, said in October that up to 462,000 of its members' data may have been exposed by a "cyber incident" affecting Conduent, a third-party vendor. The company reported the incident to Montana State Auditor James Brown's office, which launched an investigation. Now, BCBSMT is arguing the auditor's actions have been unlawful. The company filed a lawsuit in state district court in Helena, claiming Brown's office doesn't have the authority to pursue an investigation."

"The legal issue seems fairly straightforward: Montana passed a law that went into effect on October 1, 2025 that would require entities to report breaches to the state auditor. Previously, entities like BCBS that are covered by HIPAA were exempt under state notification law if they complied with HIPAA's breach notification rule and requirements. The insurer learned about the breach on July 1, 2025 from Conduent."

"DataBreaches notes that when we first reported on this incident on October 22, 2025, we had found no entry on HHS's public breach tool from BCBSMT or Conduent, although there was a much smaller report from Conduent Business Services on October 8, 2025. As of publication today, we still do not see any entry on HHS's public breach tool from BCBSMT or Conduent."