11 Million Accounts Compromised In Large-Scale Breach

The hits keep on coming.

A mere week after the State Department announced that it had identified a vulnerability in its system, Premera Blue Cross (a Blue Cross Blue Shield licensed health insurance company) has announced that it is now the victim of a data breach suspected of affecting upwards of 11 million users. Premera has announced that both patient financial and medical records have been compromised, which includes Social Security Numbers and bank account information.

But what seems to be equally as startling about the situation is that it’s been a whopping 47 days since the initial discovery of the breach (January 29th). This 47-day delay is unwarranted and is extremely detrimental to both patients’ and employees’ financial accounts. It’s also been stated that hackers gained access to the system last spring, May 2014. This means that hackers have had access to a monumental amount of client and employee information for the past 10 months.

Premera has released a statement discussing the severity of the breach:

“Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.

Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected.”

And to add insult to injury, Blue Cross Blue Shield has now experienced two significant data breaches — the first; the Anthem Blue Cross Blue Shield breach that compromised nearly 80 million accounts — since the beginning of 2015. There have been more than 91 million Blue Cross Blue Shield associated accounts affected. This is a figure that we can expect to continue to rise, as it seems healthcare providers are hackers’ new easy targets.

If it’s any consolation, Premera will be offering its employees and patients a complimentary credit monitoring service via Experian for the next two years. Those who have been affected by this breach will be notified by postal mail.

SOURCE: Krebs On Security