Blue Cross Blue Shield of Tennessee has agreed to pay a $1.5 million fine to the U.S. Department of Health and Human Services following the 2009 theft of 57 unencrypted hard drives containing more than 1 million individuals' protected health information.

"According to a Blue Cross Blue Shield statement released Tuesday, the settlement covers the 2009 theft of the hard drives from a data storage closet at a former Blue Cross call center located in Chattanooga," writes InformationWeek's Nicole Lewis. "The hard drives contained audio and video recordings related to customer service telephone calls from providers and members, and included personal information such as member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers."

"Since the theft was uncovered in late 2009, the company has spent nearly $17 million in investigation, notification and protection efforts," Lewis writes.

Go to "Data Theft Costs Tennessee Blue Cross Big Bucks" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.