
Another Massive Health Data Hack

Premera Blue Cross Is the Latest Victim

Premera Blue Cross, a health plan in the Pacific Northwest, says it's notifying 11 million individuals about a cyber-attack that exposed personal information.


The March 17 announcement of the hacking attack against Premera comes about six weeks after Anthem Inc., which operates Blue Cross and Blue Shield plans, announced the biggest health data breach to date, a hacker attack affecting 78.8 million individuals. That breach was just posted on the Department of Health and Human Services' tally of major breaches (see Anthem Hack Now Tops 'Wall of Shame').

If HHS confirms details of the Premera hacking incident, it would become the second-largest breach on the federal tally.

In a statement, Premera, based in Mountlake Terrace, Wash., says the company on Jan. 29 discovered that cyber-attackers had executed a sophisticated attack to gain unauthorized access to its IT systems.

"Premera's investigation further revealed that the initial attack occurred on May 5, 2014," says the statement. "As part of its investigation, Premera notified the FBI and is coordinating with the bureau's investigation into this attack," the company says. Premera also worked closely with cybersecurity firm Mandiant to conduct a comprehensive investigation of the incident and to remove the malware used in the attack.

An FBI spokeswoman tells Information Security Media Group: "The FBI is investigating the Premera cyber-intrusion and is working with the victim company in order to determine the nature and scope of this incident."

Individuals contacted by Premera should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center, the spokeswoman says.

"Premera's response in quickly notifying the FBI after observing suspicious network activity is a model for other companies facing cyber-intrusions, as rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence and work with a company's incident responders to help recover their networks," she says.

The FBI spokeswoman would not comment on whether the bureau is investigating a possible connection between the Anthem and Premera attacks.

Jeff Roe, CEO of Premera, said in a statement: "The security of Premera's members' personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause. As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."

Notification Letters

Premera is beginning to mail letters to approximately 11 million affected individuals, offering two years of free credit monitoring and identity theft protection services. The insurer also has established a dedicated call center for its members and other affected individuals.

The incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc., the company says. Members of other Blue Cross Blue Shield plans who have sought treatment in Washington or Alaska may also be affected.

Premera's investigation determined that the attackers may have gained unauthorized access to members' information, which could include names, dates of birth, Social Security numbers, mailing addresses, email addresses, telephone numbers, member identification numbers, bank account information and claims information, including clinical information.

Individuals who do business with Premera and provided the company with their email address, personal bank account number or Social Security number are also affected, the company says.

The investigation has not determined that any such data was removed from Premera's systems, and the insurer also has no evidence to date that such data has been used inappropriately, the company says.

The information involved in this incident dates back as far as 2002. Individuals who believe they are affected by the cyber-attack but who have not received a letter by April 20, 2015, are encouraged to call the number listed at that website, the company says.

"Along with steps taken to cleanse its IT system of issues raised by this cyber-attack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward," the company says.


About the Author

Marianne Kolbasuk McGee


Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.



