The Dental Network -- a CareFirst BlueCross BlueShield dental HMO -- exposed the personal information, including Social Security numbers, on a public Web site last month but didn't notify members until three weeks later, the Baltimore Sun reported Wednesday. The information was on Dental Network's site for about two weeks because of a technical error.
CareFirst said as far as it knows no one misused the information, but "the risk ... should be taken seriously." It offered members a year of free credit monitoring, as well as information about placing fraud alerts on their accounts by contacting the three credit bureaus.
"We moved in a timely fashion to secure the data and notify the members," CareFirst spokesman Michael Sullivan said Tuesday.
The Dental Network discovered the security breach Feb. 20 and alerted members in a March 10 letter, CareFirst said. The HMO said the problem resulting in the breach has been resolved.