Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Blue Cross Blue Shield Association

Blue Cross Blue Shield Association Vendor Cyber Rating & Cyber Score

bcbs.com

The Blue Cross and Blue Shield Association is a national federation of independent, community-based and locally operated Blue Cross and Blue Shield companies that collectively provide health care coverage for one in three Americans. BCBSA provides health care insights through The Health of America Report series and the national BCBS Health Index.


BCBSA A.I CyberSecurity Scoring

BCBSA
Company Information
Website:http://www.bcbs.com
Employees number:5,386
Number of followers:260,104
NAICS:524
Industry Type:Insurance
Homepage:bcbs.com
BCBSA Risk Score (AI oriented)
Between 600 and 649
logo
BCBSAInsurance
Updated:
02/04/2026
641/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
BCBSA Global Score (TPRM)
xxxx
logo
BCBSAInsurance
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

BCBSA
BCBSAPoor
Current Score
641Caa (POOR)
01000
3 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
649Before Incident
JUNE 2026
647Before Incident
MAY 2026
644Before Incident
APRIL 2026
642Before Incident
MARCH 2026
639Before Incident
FEBRUARY 2026
638Before Incident
JANUARY 2026
635Before Incident
DECEMBER 2025
632Before Incident
NOVEMBER 2025
630Before Incident
OCTOBER 2025
627Before Incident
SEPTEMBER 2025
624Before Incident
AUGUST 2025
621Before Incident
JANUARY 2025
678Before Incident
Breach
01 Jan 2025BCBSA
Blue Cross Blue Shield of Montana (BCBSMT)

Blue Cross Blue Shield of Montana Data Breach via Third-Party Vendor (Conduent)

595After Incident
CRITICAL-83
BLU3202332102425
A data breach at Blue Cross Blue Shield of Montana (BCBSMT) was caused by a cyber incident at its third-party vendor, Conduent, which provides back-office services. The breach, detected in January 2025, involved unauthorized access by a threat actor who exfiltrated files containing personal information of 462,000 BCBSMT members. Conduent delayed notifying federal regulators for four months and BCBSMT members for nearly 10 months, raising concerns over compliance with Montana’s breach notification laws. The stolen data included sensitive member information, though Conduent claimed no evidence of it being leaked on the dark web. BCBSMT’s own systems were not directly compromised, but the vendor’s breach exposed member data due to their business relationship. Montana regulators are investigating potential reporting delays, with fines up to $25,000 per violation possible. Conduent incurred $25 million in direct response costs, including cybersecurity forensics and notifications, while maintaining that operations were restored quickly without material disruption.
INCIDENT DETAILS -
TYPE
Data BreachThird-Party Vendor CompromiseUnauthorized Access
IMPACT
Conduent's systems (limited portion)Operational disruption on 2025-01-13Restored within days/hoursDisruption to back-office servicesNo material impact to Conduent's operationsPotential reputational damage to BCBSMT and ConduentRegulatory scrutiny for delayed notificationsPotential fines up to $25,000 per violation under Montana state lawPersonal information of 462,000 BCBSMT members exposed
DATA BREACH
Personal informationNumber Of Records Exposed: 462,000 (BCBSMT members)High (personal information)
NOVEMBER 2024
754Before Incident
Breach
08 Nov 2024BCBSA
Montana Blue Cross-Blue Shield (BCBSMT)

Montana Blue Cross-Blue Shield Data Breach via Third-Party Vendor Conduent

675After Incident
CRITICAL-79
BLU1802218102325
Montana Blue Cross-Blue Shield (BCBSMT) suffered a major data breach via a third-party vendor, Conduent, which exposed the private data of 462,000 customers—nearly one-third of Montana’s population. The breach, occurring between November 8, 2024, and March 5, 2025, involved the exfiltration of highly sensitive information, including names, addresses, birth dates, billing and medical data, phone numbers, and other confidential details. While BCBSMT’s own systems remained unaffected, the incident stemmed from Conduent’s cybersecurity lapse, which processed mailroom, payment, and back-office services for the insurer. The breach triggered a state-level investigation by Montana’s Commissioner of Securities and Insurance, citing ‘far-reaching and jaw-dropping consequences’ for residents. Authorities emphasized the violation of trust in safeguarding health and financial data, with potential legal repercussions, including fines up to $25,000 per violation if negligence is proven. As of the report, no customer notifications had been issued by Conduent, heightening concerns over delayed response and exposure risks. The incident underscores critical vulnerabilities in third-party vendor security and the large-scale impact on personal and financial privacy.
INCIDENT DETAILS -
TYPE
data breachthird-party breachdata exfiltration
IMPACT
namesaddressesbirth datesbilling datamedical dataphone numbersother sensitive informationConduent systems (third-party vendor)Conduent reported bottom-line impact due to notification and potential costs (per SEC filings)Severe; described as 'deeply disturbing' with 'far-reaching and jaw-dropping consequences' by Montana Auditor James BrownPotential fines up to $25,000 per violation if misconduct or non-compliance is foundHigh; customers urged to monitor financial activityCompromised (billing data exposed)
DATA BREACH
personal datafinancial datahealth dataNumber Of Records Exposed: 462,000Sensitivity Of Data: high (includes health and financial information)Data Exfiltration: yes (confirmed by Conduent in January 2025)namesaddressesbirth datesphone numbers
SEPTEMBER 2019
772Before Incident
Breach
28 Sep 2019BCBSA
Blue Cross Blue Shield Association

Blue Cross Blue Shield Association Data Breach via fepblue Mobile App

715After Incident
LOW-57
BLU721082025
The California Office of the Attorney General disclosed a data breach affecting Blue Cross Blue Shield Association (BCBSA) in December 2019. The incident stemmed from a programming error in the fepblue mobile app, which inadvertently allowed certain adult members to access summary claims information of other users between September 28, 2019, and October 22, 2019. While the exact number of impacted individuals remains undisclosed, the breach did not expose sensitive data such as Social Security Numbers (SSNs) or financial details. The exposed information was limited to claims summaries, suggesting no direct financial harm or identity theft risk. BCBSA addressed the vulnerability by correcting the error and notifying affected parties, though the incident highlighted gaps in application security and access controls. The breach was classified as unintentional, with no evidence of malicious exploitation by external actors.
INCIDENT DETAILS -
TYPE
Data Breach (Unauthorized Access)
IMPACT
Summary Claims Informationfepblue Mobile AppBrand Reputation Impact: Potential (Public Disclosure)Identity Theft Risk: Low (No SSN/Financial Data Exposed)Payment Information Risk: None
DATA BREACH
Summary Claims InformationNumber Of Records Exposed: UnknownSensitivity Of Data: Moderate (No PII/Financial Data)Data Exfiltration: No (Unauthorized Viewing Only)Personally Identifiable Information: None

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for BCBSA ?
?
What was BCBSA's A.I Rankiteo Cyber Score in June 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in May 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in April 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in March 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in February 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in January 2026 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in December 2025 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in November 2025 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in October 2025 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in September 2025 ?
?
What was BCBSA's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on BCBSA's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with BCBSA ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view BCBSA's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?