Hackers broke into Premera Blue Cross computer systems, potentially accessing personal information for 11 million customers, including 6 million in Washington State.
According to Premera, the initial cyber attack occurred nearly a year ago, in May of 2014. Premera discovered the attack on Jan. 29. The company informed the FBI and is coordinating its investigation with the bureau.
Premera announced the security breach to the public Tuesday and created a website with information for customers.
The carrier has begun mailing out letters to affected customers and is offering them two free years of credit monitoring and identity protection services.
State Insurance Commissioner Mike Kreidler posted a response to the announcement Tuesday, saying he was concerned about the amount of time it took Premera to report the breach to his office.
Security breaches like these have put an increasing pressure on cybersecurity. The large scale demand for cyber security folk has meant there is now a huge selection of cyber security courses to choose from. Many course provides like this one here offer thousands of courses from penetration testing to cyber security degrees.
The full announcement from Premera is posted below:
On January 29, 2015, Premera Blue Cross (Premera) discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack.
We worked closely with Mandiant, one of the world’s leading cybersecurity firms, to conduct our investigation and to remove the infection created by the attack on our IT systems. Along with steps we took to cleanse our IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of our IT systems moving forward.
This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.
Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.
We recognize this issue can be frustrating and we are taking steps to protect you. We are beginning to mail letters to affected individuals today, March 17, 2015. We are providing two years of free credit monitoring and identity theft protection services through Experian to affected individuals. We also have established a dedicated call center for our members and other affected individuals to contact. The information involved dates back to 2002 and individuals who believe they are affected by this incident but who have not received a letter by April 20, 2015, are encouraged to call 1-800-768-5817, Monday through Friday, between 5:00 a.m. and 8:00 p.m. Pacific Time (closed on U.S. observed holidays).
We sincerely regret the frustration and concern this incident may cause. The security of our members’ personal information is a top priority. More information on this topic, including directions on how to sign-up for credit monitoring and related services is available at www.premeraupdate.com
