Premera Blue Cross Hacked, Exposing 11 Million Customers’ Personal Data

As expected, the healthcare breach news keeps on coming as Modern Healthcare is reporting that Premera Blue Cross, a health plan in the Pacific Northwest, was hit with the second-biggest cyberattack in industry history. Of course, the attack, which exposed personal, financial and medical information of more than 11 million customers, will only stack up as the second largest in industry history for the blink of an eye, as others will come and replace this one in the blink of an eye.  

It’s an unfortunate fact. According to the magazine, the company discovered the attack on Jan. 29, 2015. An investigation revealed that the initial attack occurred May 5, 2014; the hack affected Premera Blue Cross, Premera Blue Cross and Blue Shield of Alaska, and Premera affiliate brands Vivacity and Connexion Insurance Solutions.

“Premera said the company has not been able to determine if any data was actually removed from the company's systems and that there's no evidence that any of the records in the breached system have used inappropriately.”

Just weeks after the Anthem breach, Modern Healthcare says that the information exposed dates to 2002, with records including member names, birth dates, Social Security numbers, mailing and e-mail addresses, telephone numbers, member identification numbers, bank account information and claims information.

According to reports, Premera Blue Cross will mail confirmation to those affected and is offering two years of free credit monitoring and identity theft protection. The company also has established a website, www.premeraupdate.com, dedicated to information about the breach.

"We at Premera take this issue seriously and sincerely regret the concern it may cause," Premera CEO Jeff Roe said in a statement. "As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."

Anthem was the subject of a hack attack, as previously reported here, in which more than 80 million customer and employee records were compromised.

At Anthem, stolen identifiers included names, birthdays, medical IDs, Social Security numbers, addresses, emails addresses, income data and employee information.

The impacted plans and brands included Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.

Nearly three-quarters of the records exposed in healthcare breaches reported to HHS have been linked to cyberattacks, Modern Healthcare reports, even though those attacks account for less than 10 percent of the breaches.

Scott Rupp's picture

Scott Rupp

Contributor

Scott E. Rupp is a writer and an award-winning journalist focused on healthcare technology. He has worked as a public relations executive for a major electronic health record/practice management vendor, and he currently manages his own agency, millerrupp. In addition to writing for a variety of publications, Scott also offers his insights on healthcare technology and its leaders on his site, Electronic Health Reporter.

comments powered by Disqus

Related Articles