Blue Shield discloses 18,000 doctors' Social Security numbers

The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday.

The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the data and were available under the state's public records law.

"Because they did not recognize their error, Blue Shield did not mark the rosters as confidential or otherwise alert the DMHC to the inclusion of the SSNs," the Department of Managed Health Care said in a letter to affected individuals.

The rosters included the Social Security numbers of providers along with their names, business addresses, business telephone numbers, medical groups and practice areas, and were released 10 times as a result of public records requests. Combined with other information, SSNs can be used in identity theft.

The requesters were other insurance companies, their attorneys and two members of the media, said Marta Green, a spokeswoman for DMHC. The department is contacting the requesters to ask that they destroy the CDs that contain the SSNs in return for new CDs with the SSNs deleted.

Typically, such requesters are using the data to evaluate their competitors, she said. As such, there is a low possibility that the data would be used for unscrupulous reasons.

Blue Shield said on Monday that it learned of the mistake after being notified by the Department of Managed Health Care. It has worked with the agency to notify the affected providers and to offer them free credit monitoring for one year, said Sean Barry, a spokesman for the organization.

"We have taken several steps to prevent this mistake from happening again," Barry said.

DMHC said it has instigated new software routines that will attempt to detect when providers make such errors in the future.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com