Independence Blue Cross on Monday disclosed a data breach affecting roughly 17,000 people that was caused by an employee who uploaded member information to a public website.
The Philadelphia-based health insurer said members' names, birth dates, diagnosis codes, provider identifications, and other information used to process claims were exposed on the website between April 23 and July 20.
The incident did not involve social security numbers, financial data, or credit information, Independence said in a news release.
The insurer said less than 1 percent of its 2.8 million members were affected. Most of the affected members live in Pennsylvania and New Jersey, though some live in other states, an Independence spokesman said.
Independence said it can't determine whether protected health information was accessed and is unaware of any misuse of the data.
Independence said it is notifying affected members and offering 24 months of free credit monitoring and identity protection services.
The insurer said "appropriate action" was taken with the employee who uploaded a file with member information to the public website.
"Information privacy and security are among Independence's highest priorities," Independence said in a statement. "Upon learning of this incident, Independence quickly took steps to ensure the file was permanently removed from the website. Independence reviewed company policies and procedures and implemented additional technical controls to help prevent future incidents of this kind."