Massive data breach spurs $6 million encryption effort at BCBS of Tennessee

The company encrypted 885 terabytes of mass data storage; 1,000 Windows, AIX, SQL, VMware, and Xen server hard drives; 6,000 workstation hard drives and removable media drives; 25,000 voice call recordings per day; and 136,000 volumes of backup tape.

BCBS of Tennessee said it undertook the effort in response to an October 2009 data breach, in which 57 unencrypted hard drives were stolen from a BCBS facility. The hard drives contained audio and video recordings related to customer service phone calls from providers and members, including personal information on around one million members.

BCBS notified all affected members and provided free credit monitoring services to members at a higher risk of identity theft. Next, the company launched an effort to encrypt more than 885 terabytes of data at rest.

The company began by completing an inventory of all the points where data resides within the company, from computer hard drives to servers and removable media devices, such as USB drives and CD/DVD burners. BCBS divided the encryption efforts into six areas of focus and completed the project, which took 5,000 hours of work, in just over a year.

“We searched the country and were unable to find another company that has achieved this level of data encryption,” said Michael Lawley, vice president of technology shared services for BCBS. “In addition to world-class information security technology, we have adopted even stricter policies and procedures that support our ongoing commitment to security. Our members can rest easier knowing we implemented this process to better protect their privacy.”
