US healthcare provider Premera Blue Cross has suffered a data breach that resulted in a potential compromise of personal, financial and health-related information of as many as 11 million applicants and members.
The breach was detected on January 29, 2015, and the investigation mounted by the company and by forensic investigators from Mandiant has revealed that the initial attack happened on May 5, 2014. The FBI has also been notified, and is involved in the investigation.
“This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc.,” the company shared on a website dedicated to providing information about the breach to customers.
“Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.”
“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately,” they noted.
The breach also affected Premera subsidiaries LifeWise Health Plan of Washington, LifeWise Health Plan of Oregon and LifeWise Assurance Company, as well as LifeWise Health Plan of Arizona, which no longer does business in that state.
The potentially compromised information dates back to 2002.
The company has begun notifying affected members via letters, and is offering them two years of free credit monitoring and identity theft protection services. It also warned them about unsolicited emails and phone calls that might come from phishers trying to impersonate the company and extract information directly from the victims. “Premera will not email members regarding this attack,” the company concluded.
Premera calls this breach a result of a “sophisticated cyberattack.” It’s curious to note that the breach was discovered on the same day that Anthem discovered its own IT system had been breached.
Premera spokesman Eric Earling told the NYT that the two attacks are unrelated and that the company discovered the breach itself, but there seem to be indications that the group responsible for the Anthem breach might also be the one that hit Premera.