The New York-based health insurance company Excellus has suffered a major data breach, affecting an estimated 10 million customers. The company announced earlier this month that it had been the victim of a cyber attack on December 23, 2013, although the breach was not discovered until August 2015. During the attack, hackers were able to access some 10 million personal records, making this the third largest Health Insurance Portability and Accountability Act (HIPAA) breach of all time.
According to a statement made by Excellus, hackers were able to access names, birth dates, Social Security Numbers, home addresses, insurance claims, and financial information pertaining to its customers. 7 million of the compromised records belonged to its own customers, while an additional 3.5 million were from its parent company, Lifetime Healthcare Companies, which was also breached during the attack.
So, will Excellus face a fine or other penalties for this breach? It's still too early to tell at this point; however, the insurance provider has reportedly encrypted its data. The hackers were able to bypass this security measure by logging into the system with administrator privileges, at which point the data was unencrypted.
As noted by Nikki Parker of Covata, cyber attacks have become increasingly commonplace among healthcare providers. And when a hacker gains access to a network, they usually target all of its connected networks as well.
"It is becoming clear that 2015 is the year of the Health Care Hack," said Nikki Parker of the cybersecurity firm Covata when speaking to USA Today. "In these kinds of cases, if you have access to the network, you won't stop, you will hit as much as you can. That means it won't just be BlueCross that is impacted, it will be their vendors, physician offices connecting to them, and accessible affiliates all over the country."
You can learn more about the Excellus data breach by visiting http://www.excellusfacts.com/. Excellus set up this website for the sole purpose of informing its customers and the general public about the breach.
So, what should you do if you believe your personal information was compromised during the breach? Excellus has already begun to mail letters to individuals affected by the breach. Furthermore, it's offering two free years of identity protection services through Kroll, as well as credit monitoring through the credit bureau TransUnion. There's even a dedicated call center established where customers can learn more about the breach: 1-877-589-3331.
The Federal Bureau of Investigation (FBI) is currently investigating the incident.