Yet another healthcare entity has been hacked, this time Premera Blue Cross in Washington, which today said it was the target of a “sophisticated cyber attack” that may include medical and financial information on some 11 million customers.
The health plan, based just outside of Seattle, said it discovered its IT systems were breached on January 29. After conducting an investigation, it was determined that the breach dates back to May of last year and includes Premera Blue Cross and Blue Shield of Alaska and several affiliates, including Vivacity and Connexion Insurance Solutions.
Although much bigger hacks have occurred in recent months, including Anthem and Community Health Systems, the attack on Premera could possibly be the largest to included medical information versus just patient information like Social Security numbers and names, according to a report from Reuters, citing security expert Dave Kennedy, CEO of TrustedSEC.
Other information likely accessed includes dates of birth, addresses, telephone numbers, email addresses, member identification numbers, medical claims information and financial information, according to Premera. The health plan added that its investigation has not determined the data was removed from its systems and that it has no evidence “at this point” that any of the data has been used inappropriately.
“The security of Premera’s members’ personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause,” CEO Jeff Roe said in a statement. “As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people’s information.”
The health plan said it is already working with the FBI and Mandian, a leading cybersecurity firm, to both investigate the attack and to cleanse its IT system of the infection created by the attack.
