The Washington-based health insurance provider Premera Blue Cross was the victim of a large-scale cyber attack last year, which may have exposed records of 11 million customers.
While the attack happened almost 12 full months ago, it was just recently discovered by IT experts working with Premera. Officials say hackers gained access to the insurance provider's systems in May 2014, stealing customer names, birthdates, social security numbers, home addresses, email addresses, phone numbers, and telephone numbers. The cyber attack was discovered on January 29, which coincidentally was just days before another health insurance provider, Anthem, Inc., announced that it had been the victim of an attack.
As previously stated, Anthem, Inc. was the victim of a similar cyber attack, resulting in the disclosure of names, birthdates, social security numbers and other personally identifiable information of 80 million of its customers and employees. Both Premera and Anthem said they are working closely with the Federal Bureau of Investigation (FBI) to catch the individuals responsible for these attacks and bring them to justice.
It's unknown at this time whether or not Premera's data was encrypted at the time of the breach. Under the Health Insurance Portability and Accountability Act (HIPAA), covered entities are required to encrypt their data, but they are required to implement meaningful and appropriate measures to achieve the same outcome. We recently learned that Anthem, Inc. did not encrypt its data, although the company claims that it would not have prevented the cyber attack against its systems.
Premera responded to the attack in a statement, saying privacy and security is a top priority. “I recognize the frustration that the news of this cyberattack may cause. The privacy and security of our members' personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” wrote Premera President and CEO, Jeff Roe.
Premera is offering two years of credit monitoring and identify protection services to customers affected by this breach. As with all data breaches involved covered entities, Premera will notify anyone whom it believes was affected with a letter. If you have any questions regarding the May 2014 breach, you are encouraged to call Premera's dedicated hotline at 1-800-768-5817, Monday through Friday, between the hours of 5:00 AM and 8:00 PM Pacific Time.