Blue Cross: Thousands of doctors' computer data stolen
Wednesday, October 07, 2009

Tens of thousands of doctors under contract with Pittsburgh's Highmark Inc. are being notified that their personal information, including Social Security numbers or tax ID numbers, may have been compromised when a laptop containing sensitive data was stolen from a Blue Cross-Blue Shield Association employee.

Physicians and specialists in western and central Pennsylvania are being notified of the breach this week, according to a Highmark spokesman. Across the country, the number of affected doctors is expected to reach the hundreds of thousands once a review of the theft is complete, said national Blue Cross-Blue Shield Association spokesman Jeff Smokler.

The stolen computer did not contain patient information.

The letter sent to Highmark providers said "a BCBSA employee [transferred] provider data information onto a personal laptop, in violation of BCBSA's established data security policies." The laptop was then stolen but, according to the letter, "we have no evidence at this time that the information on the stolen laptop has been misused." The association "sincerely regrets this loss of data."

Highmark wrote the letters last week and sent them on Monday. Similar letters were sent to numerous Blue Cross-Blue Shield-affiliated providers, not just Highmark's providers.

In all, 39 Blue Cross-Blue Shield plans were affected.

The personal data could be misused in a conventional way -- that is, Social Security numbers and names could be used to steal identities, apply for credit cards or take out loans. And the data could be used in a more sophisticated way -- because the doctors' National Provider Identifier numbers also were stolen, that information could theoretically be used to submit false health insurance claims, said John Krah, executive director of the Allegheny County Medical Society.

"That's certainly a concern," Mr. Smokler said, "which is why we're offering a year of free credit monitoring."

Usually, personal data is encrypted, but this data had been unencrypted before it was transferred from the association's Chicago offices onto the personal computer.

The computer was then stolen from an automobile. The theft happened in August, but doctors are only now learning of it.

The Boston Globe reported that the data breach might be most serious in Massachusetts, because in that state, doctors use their own Social Security numbers as their business tax identification number.

In other states, that doesn't happen as often -- about 16 percent to 18 percent of Blue Cross-Blue Shield-affiliated physicians use their personal Social Security numbers for business purposes.

This is the largest Blue Cross-related data breach in recent memory. Past breaches have involved individual plans -- such as Blue Cross Blue Shield of Western New York, and Blue Cross & Blue Shield of Louisiana -- but not multiple plans across the country.

The data breach is disconcerting because of "the vast quantity of data that we have," said Mr. Smokler, but "electronic records are far more secure than paper records. I feel a lot safer that my information is encrypted in computer than on a paper in my doctor's office, where the janitor can see it."

Bill Toland can be reached at btoland@post-gazette.com or 412-263-2625.
First published on October 7, 2009 at 12:00 am