Premera Blue Cross Reports Cyberattack Affecting More Than 11M
March 18, 2015 in News
On Tuesday, Premera Blue Cross — a health insurer based in Washington state — announced a massive cyberattack that occurred in May 2014 and might have exposed the personal information of more than 11 million individuals, the Washington Post‘s “The Switch” reports (Peterson, “The Switch,” Washington Post, 3/17).
News of the cyberattack comes just six weeks after health insurer Anthem revealed that hackers had breached a database containing the personal information of about 80 million of its customers, former customers and employees. The Anthem hack is believed to be the largest in health care industry history.
Premera Cyberattack Details
Premera discovered evidence of the attack — believed to be the second-largest in health care history — in January, and further investigation found that the attack itself had occurred on May 5, 2014. The compromised system included data on Premera Blue Cross, Premera Blue Cross and Blue Shield of Alaska, and Premera affiliates Vivacity and Connexion Insurance Solutions (Rubenfire/Conn, Modern Healthcare, 3/17).
According to the Wall Street Journal, the compromised system contained information dating back to 2002 for Premera’s:
- Current and former members;
- Current and former employees; and
- Vendors (Wilde Mathews, Wall Street Journal, 3/17).
The information stored included individuals’:
- Bank account information;
- Birth dates;
- Claims data, including clinical information;
- Email addresses;
- Mailing addresses;
- Member identification numbers;
- Social Security numbers; and
- Telephone numbers (Modern Healthcare, 3/17).
According to Reuters/New York Times, about six million of the affected individuals live in Washington, while the remainder live across the U.S.
Premera is working with the FBI and has hired FireEye to investigate the situation (Reuters/New York Times, 3/17). So far, investigators have not determined who launched the attack, according to the Journal (Wall Street Journal, 3/17). Further, authorities have been unable to determine whether records were removed from the system, and they have found no evidence that the data have been used inappropriately.
Mac McMillan, a health care security expert and founder of CynergisTek, said it is possible but unlikely that hackers were able to download the data without leaving evidence that they had done so. He explained that typically high-level administrators are the only people with the ability to eliminate audit trails.
Premera has started to mail letters to affected customers and will offer two years of no-cost credit monitoring and identity theft protection. In addition, the company has created a call center and a website to share information about the incident.
Premera CEO Jeff Roe said, “We at Premera take this issue seriously and sincerely regret the concern it may cause.” He added, “As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people’s information” (Modern Healthcare, 3/17).
Premera spokesperson Eric Earling said the company believes the Premera and Anthem incidents were “different cyberattacks” (Wall Street Journal, 3/17).