Another health insurer hacked; 11mn at risk

The hack of another prominent Blue Cross health insurance carrier has exposed the records of 11 million consumers.

Insurance News

By

Just one month after Anthem Inc. disclosed a cyber-attack that exposed the information of nearly 80 million people, another health insurer has fallen victim to hackers.

Premera Blue Cross, a not-for-profit based in Washington State, announced yesterday that the information of around 11 million consumers was compromised in a breach it detected on January 29. The records exposed could include names, birthdays, Social Security numbers, addresses, bank account information and health data for claims paid by Premera.

The actual breach could have occurred as early as last May, said company spokesman Eric Earling. Investigators are still attempting to determine the source of the breach, but some leads on the software used suggest a China-based hacking operation—the same ties that were seen in the Anthem breach.

None of the data accessed in either the Premera or the Anthem breach has shown up on online black markets used by identity thieves, investigators said, and Earling confirmed “there is no evidence that any data was removed from the system and no evidence any data was used inappropriately.”

The breach is currently the subject of a Federal Bureau of Investigation probe. As of yet, there is no confirmed evidence the two attacks were linked.

The insurance regulatory community remains concerned, however. Washington State Insurance Commissioner Mike Kreidler said in a statement yesterday he was unhappy over the “approximately six weeks” it took for his office to be notified of the Premera attack, while Earling maintains the company was “strongly advised by experts” to complete an investigation into the breach and secure its systems before informing the public.

The National Association of Insurance Commissioners is hoping to dispel some of this confusion. Establishing a consumer “bill of rights” in the event of a data breach is one of the many tasks the newly established Cybersecurity (EX) Task Force hopes to accomplish this year, which would establish a framework for cyber response by insurers.

The task force also hopes to unify standards for how insurance companies safeguard consumer data and respond to any breaches.

The NAIC said yesterday it is “closely monitoring” the Premera Attack, as well as the breach at Anthem.

Premera is a prominent insurer in the Pacific Northwest, with clients including Microsoft and Starbucks. Agents with clients enrolled in Premera plans can go to http://www.premeraupdate.com, a website established to relay new information about the breach.

The company is making available two free years of credit monitoring and identity protection services to anyone affected.

You may also be interested in: "Anthem releases official data breach numbers"
"Anthem slapped with lawsuits, probe following data breach"

Keep up with the latest news and events

Join our mailing list, it’s free!