Yet another BlueCross Blue Shield health insurer was breached by hackers this week, exposing more than 10 million personal records.
Rochester, New York-based Excellus announced Wednesday that the breach began nearly two years ago and was first discovered last month. Though the company has not determined whether data was taken off its servers, it has confirmed that hackers had access to personal information including birth dates, Social Security numbers, home addresses and claims and payment information.
Excellus CEO Christopher Booth characterized the hack as a “very sophisticated cyberattack,” but assured consumers that there is no evidence that breached data has been used inappropriately. In addition, the company is offering victims two years of free credit monitoring and identity theft protection.
The breach is the latest in a series of high-profile attacks against health insurance companies, including the February breach of Anthem that affected 80 million consumers and the July UCLA hack that exposed medical data on 4.5 million people.
The healthcare industry, including insurance companies, is indeed the target of an increasing number of data breaches. In fact, a study from the Journal of the American Medical Association suggests that there were more than 900 breaches of protected health information affecting at least 500 people between 2010 and 2013.
More than 29 million records were affected by the breaches, with six involving more than 1 million records each. The majority were caused by criminal activity and, in total, account from more than 82% of all reported breaches in the years that were studied.
Roughly 67% of breaches occurred via electronic media, most particularly involving laptop computers and portable electronic devices. Most breaches – at least 58% – also involved theft.
Excellus has not released any information on the identity of the hackers responsible for the breach.
