Giant Hack Hits Premera Blue Cross

Premera Blue Cross in Mountlake Terrace, Wash., discovered a cyberattack on its information systems on January 29, 2015. Following an investigation, during which it learned that the initial attack occurred on May 5, 2014, the insurer is now notifying about 11 million affected individuals.

Those affected, including current and former members dating back to 2002, as well as individuals doing business with the company, are being offered two years of credit monitoring and identity theft protection services from Experian, according to a Premera statement.

The hacking affects Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate Vivacity and Connexion Insurance Solution brands.

The Premera cyberattack is believed to be the second-largest breach of protected health information since the breach notification rule became effective in late 2009, surpassed only by the attack on Anthem, which was disclosed in February. As with the Anthem hack, a wide range of member information was compromised. It includes member name, birth date, Social Security number, mailing address, email address, telephone number, member identification number, bank account information, claims information and some clinical information. Business associate information at risk includes email address, personal bank account number and Social Security number if those were provided.

“The investigation has not determined that any such information was removed from Premera’s systems,” according to the company statement. “Premera also has no evidence to date that such data has been used inappropriately.”

The insurer is working with the FBI and contracted with cybersecurity firm Mandiant to assist in the investigation and remediation of the breach.
