Texas Attorney General Ken Paxton is investigating BCBS Texas and business services provider Conduent in the wake of a data breach, according to a Feb. 12 news release.
The breach spanned Oct. 21, 2024, through Jan. 13, 2025. Names, birthdates, addresses, Social Security numbers and medical and insurance information may have been accessed.
“The Conduent data breach was likely the largest breach in U.S. history,” Mr. Paxton said in a statement. “If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it.”
Mr. Paxton is requesting documentation and evidence from BCBS Texas to ensure the company abides with state law. He is also assessing Conduent’s security and compliance.
“We’re aware that Conduent discovered they were the victim of a cyber incident. Conduent is a BCBSTX third-party service provider that offers mailroom, payment and other back-office support services. We received data from Conduent and through our data evaluation, we’ve determined there was BCBSTX member impact as a result of Conduent’s cyber incident,” a Feb. 12 insurer statement shared with Becker’s said. “Blue Cross and Blue Shield of Texas systems were not impacted by this incident. BCBSTX is committed to supporting our members and helping them navigate through this incident.”
BCBS Texas did not address how many members had data exposed in the breach.
Health Care Service Corp. owns both BCBS Texas and BCBS Montana, another insurer affected by the data breach. The Montana Office of the Commissioner of Securities and Insurance led an administrative hearing Jan. 22 after the insurer unsuccessfully attempted to secure a temporary restraining order to block the meeting.
The data breach also affected Premera Blue Cross and Humana.
