Did you receive one of those letters telling you your information had been compromised - but the company that lost it is calling themselves the "victim?" Sounds suspicious doesnt it? That is what is happening with Blue Cross Blue Shield of Illinois (BCBSIL) and a vendor of theirs, Conduent.
People on Reddit are speculating how BCBSIL is saying they were not hacked, but that Conduent was - somehow you lost your privacy, but BCBSIL is calling themselves the "victim". Let's break down what is going on
Earlier this year, Conduent and their systems were hacked. Conduent exposed a lot of PHI for individuals covered under BCBSIL.
Here is the odd part:
• To deflect blame: If they say, “our vendor was hacked,” that presents them in a less careless light than if they say, “we were unable to protect your data.”
• To protect their reputation: “We were victims too,” is softer than “we failed to protect your data.”
• For legal purposes: If they admit fault, they open themselves to bigger lawsuits and fines.
Overall, it is a matter of shifting the narrative. They want to sound like they were hacked, just like everyone else, rather than own up to mistakes.
While it can be true that vendors like Conduent can be hacked without the hack having a direct link to the main company, it really does not matter. BCBSIL trusted Conduent with your data. They now share in the responsibility.
This episode is a brutal reminder that even companies with as much money and size as BCBSIL can miss the state of our information.
People on Reddit are speculating how BCBSIL is saying they were not hacked, but that Conduent was - somehow you lost your privacy, but BCBSIL is calling themselves the "victim". Let's break down what is going on
What Does It Mean
Conduent is a vendor for BCBSIL, and assists BCBSIL with several operational tasks like billing, customer outreach, and data. Essentially they are doing the daily operational work behind the scenes.Earlier this year, Conduent and their systems were hacked. Conduent exposed a lot of PHI for individuals covered under BCBSIL.
Here is the odd part:
- BCBSIL pointed out their systems were intact along with all things with BCBSIL. The issue was with Conduent.
- They referred to themselves a "victims of a cyberattack" even though your information was what was breached.
- People are upset over this since it seems as if they are deflecting responsibility and not owning the breach.
Why They Are Calling Themselves Victims
So why is a large business or organization saying that? There are a few reasons:• To deflect blame: If they say, “our vendor was hacked,” that presents them in a less careless light than if they say, “we were unable to protect your data.”
• To protect their reputation: “We were victims too,” is softer than “we failed to protect your data.”
• For legal purposes: If they admit fault, they open themselves to bigger lawsuits and fines.
Overall, it is a matter of shifting the narrative. They want to sound like they were hacked, just like everyone else, rather than own up to mistakes.
My Honest Opinion
This feels like a PR stunt to me. If I were in their shoes, I would just say “We apologize, this is what has happened, and this is how we are going to protect you.” I do not like how they say, "We are victims too."While it can be true that vendors like Conduent can be hacked without the hack having a direct link to the main company, it really does not matter. BCBSIL trusted Conduent with your data. They now share in the responsibility.
The Bottom Line
Conduent and BCBSIL may say they are "victims," but you are the harmed party who had your information compromised. The takeaway is to be vigilant, to watch your accounts.This episode is a brutal reminder that even companies with as much money and size as BCBSIL can miss the state of our information.
