As expected, the healthcare breach news keeps on coming as Modern Healthcare is reporting that Premera Blue Cross, a health plan in the Pacific Northwest, was hit with the second-biggest cyberattack in industry history. Of course, the attack, which exposed personal, financial and medical information of more than 11 million customers, will only stack up as the second largest in industry history for the blink of an eye, as others will come and replace this one in the blink of an eye.
It’s an unfortunate fact. According to the magazine, the company discovered the attack on Jan. 29, 2015. An investigation revealed that the initial attack occurred May 5, 2014; the hack affected Premera Blue Cross, Premera Blue Cross and Blue Shield of Alaska, and Premera affiliate brands Vivacity and Connexion Insurance Solutions.
“Premera said the company has not been able to determine if any data was actually removed from the company's systems and that there's no evidence that any of the records in the breached system have used inappropriately.”
Just weeks after the Anthem breach, Modern Healthcare says that the information exposed dates to 2002, with records including member names, birth dates, Social Security numbers, mailing and e-mail addresses, telephone numbers, member identification numbers, bank account information and claims information.
According to reports, Premera Blue Cross will mail confirmation to those affected and is offering two years of free credit monitoring and identity theft protection. The company also has established a website, www.premeraupdate.com, dedicated to information about the breach.
"We at Premera take this issue seriously and sincerely regret the concern it may cause," Premera CEO Jeff Roe said in a statement. "As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."
Anthem was the subject of a hack attack, as previously reported here, in which more than 80 million customer and employee records were compromised.
At Anthem, stolen identifiers included names, birthdays, medical IDs, Social Security numbers, addresses, emails addresses, income data and employee information.
The impacted plans and brands included Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.
Nearly three-quarters of the records exposed in healthcare breaches reported to HHS have been linked to cyberattacks, Modern Healthcare reports, even though those attacks account for less than 10 percent of the breaches.