Information of more than 9,000 people potentially exposed in Blue Cross and Blue Shield of Illinois data breach

Lisa Schencker, Chicago Tribune on Apr 28, 2025

By clicking submit, I authorize Arcamax and its affiliates to: (1) use, sell, and share my information for marketing purposes, including cross-context behavioral advertising, as described in our Privacy Policy , (2) add to information that I provide with other information like interests inferred from web page views, or data lawfully obtained from data brokers, such as past purchase or location data, or publicly available data, (3) contact me or enable others to contact me by email or other means with offers for different types of goods and services, and (4) retain my information while I am engaging with marketing messages that I receive and for a reasonable amount of time thereafter. I understand I can opt out at any time through an email that I receive, or by clicking here

The personal information of more than 9,300 people may have been exposed in a recent data breach at health insurer Blue Cross and Blue Shield of Illinois, according to the company.

Blue Cross and Blue Shield of Illinois became aware of the problem in February, according to a notice posted on the health insurer’s website. An unauthorized person may have viewed individuals’ personal health information through the insurer’s online portal for members, called Blue Access for Members, between Nov. 8 and March 5, according to the notice. The breach was related to member account registrations, according to Blue Cross and Blue Shield of Illinois.

Compromised personal information might include names, addresses, dates of birth, service dates, telephone numbers, email addresses, medical record numbers, account numbers, medical/dental service and billing information, according to the notice.

Blue Cross said in the notice that it has no reason to believe anyone has accessed or misused the information but is encouraging members to review any explanations of benefits they receive and offering a free one-year membership in an Experian identity protection service.

Members with questions can call the number listed on their ID cards. Blue Cross and Blue Shield of Illinois is the largest health insurer in Illinois, with millions of members.

“Blue Cross and Blue Shield of Illinois takes the security and privacy of our member and employee data very seriously,” Blue Cross and Blue Shield of Illinois said in a statement. “We apologize for any concern and inconvenience this issue may cause our members.”

The U.S. Department of Health and Human Services Office for Civil Rights website showed recent breaches at Blue Cross and Blue Shield of Illinois and at Health Care Service Corporation, which is the Chicago-based parent company of Blue Cross and Blue Shield of Illinois. .

Three other Health Care Service Corporation entities — Blue Cross and Blue Shield organizations in Texas, Oklahoma and New Mexico — also posted notices on their websites warning their members about the breach.

“We take the security and privacy of our member and employee data very seriously,” Health Care Service Corporation said in a statement.

Health providers must legally report breaches of protected health information involving 500 or more people to the U.S. Department of Health and Human Services Office for Civil Rights, which posts reports on a public website.

Such breaches have become increasingly common in recent years as cybercriminals target health care systems, partly because of their size and the wealth of information they hold about individuals.

Loretto Hospital on Chicago’s West Side recently reported that the personal information of more than 500 people may have been compromised in a hacking incident there.

Last year, cyber criminals attacked Chicago’s Lurie Children’s Hospital, and it took more than a month for Lurie to get all of its systems back online after the attack. Health system Ascension, which had 14 hospitals in Illinois last year, also was the target of cybercriminals last year.

____