Another U.S. health insurer has experienced a significant data breach. On Tuesday, Premera Blue Cross confirmed that it had been the victim of a cyberattack which may have exposed the private information belonging to its 11 million customers, including their bank account numbers, Social Security numbers, birth dates, emails, addresses, phone numbers, and even their claims and clinical information.
The company says that the attack began on May 5 of 2014, but it wasn’t discovered until January of this year. In a statement posted the insurer’s website, the incident is described as affecting Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc.
While the attackers may have gained unauthorized access, Premera says it has not determined that the data was removed from its systems, nor has it yet been found to have been used inappropriately. However, the company is offering all affected parties two years of free credit monitoring and identity protection services as a precaution, and warns potential victims that it won’t email them or make unsolicited phone calls regarding the incident.
Unfortunately for cyberhacking victims, other scammers often follow on attacks like this with their own attempts at extracting private data through phishing schemes and social engineering tactics – as was the case shortly after the Anthem data breach.
As you likely recall, in February 2015, the nation’s second-largest insurer Anthem also saw attackers steal the personal information belonging to likely tens of thousands of customers, and soon after, these same victims were targeted with various phishing schemes.
While Premera’s attack may have been smaller in scale than Anthem’s, which saw over 70 million members affected to Premera’s 11 million, experts speaking to Reuters are now saying that it’s the largest breach involving patient medical information. Neither Anthem or the hospital operator Community Health Systems, which was breached last year, believed their attackers had gained access to medical information, that is.
In addition, 6 million of the 11 million customers were Washington state residents, and include those working at a number of large businesses, including Amazon, Microsoft and Starbucks.
According to independent security expert Brian Krebs, the Premera breach may also be the work of state-sponsored espionage groups based in China, noting that Premera says it’s working with the FBI and security firm Mandiant following the attack. Mandiant specializes in tracking and blocking attacks from state-sponsored hacking groups, particularly those based in China,” writes Krebs, who was the first to make the Anthem-China connection. He says it appears that the same group blamed for Anthem’s breach may have targeted Premera customers as well, by hosting a misspelled domain name for the company where visitors would have been tricked into downloading malicious software.