Hackers wriggled their way into the servers of health insurance provider Premera Blue Cross 10 months ago, and potentially exposed the information of 11 million members, employees and other associates.
The provider announced yesterday that customer information, including names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, identification numbers, bank account information, and claim information—including medical ailments–may have been leaked by hackers.
Prospective customers, including Blue Cross Blue Shield members who sought treatment in either Washington or Alaska are believed to be affected as well, as are any individuals who may have given the company their email address, bank account number or Social Security number.
In a notification on its site, the company claims it noticed the attack on Jan. but that after further examination, the attack actually began nearly 10 months earlier, on May 5, 2014.
The Pacific Northwest-based company sells insurance under the Blue Cross name across Alaska, Oregon, and Washington, and this incident affects all of its customers, including those at Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Solutions, Inc.
Premera is advising customers to be on the lookout for a physical letter providing more information about the breach and in the meantime is cautioning not to open suspicious-looking emails or answer calls they receive.
The hack comes nearly six weeks after another healthcare company, Anthem, announced that attackers had compromised their systems and gained access to customers’ names, birth dates, Social Security numbers and so forth. The exact number of those affected by the Anthem breach has been hard to pin down from the beginning but the company did clarify last month that approximately 78.8 million of its customers may have had their information breached. The company confirmed that non-customers may also be affected by the hack and that somewhere between 8.8 million and 18.8 million additional Blue Cross Blue Shield customers may have been implicated.
As is becoming common practice these days, Premera has announced it will offer those affected two years of free credit monitoring and identity theft protection. The company has also confirmed that it will investigate the hack alongside the FBI and Mandiant, the cybersecurity firm that also helped Anthem and Sony investigate their recent breaches.
Mandiant has proved skilled at digging up information on Chinese state-sponsored attacks in the past – namely last year’s APT 18 announcement – but no one in Premera’s camp has suggested the People’s Republic is behind this particular attack.
Researchers with ThreatConnect, a Virginia-based firm, however, suggested last month the Anthem breach may have emanated from China and that there may be a possible Anthem-Premera connection. In a blog post on Feb. 28 researchers with the firm suggested that the campaign may stretch back to 2013 and that a domain they hosted, prennera[.]com, may have been impersonating Premera Blue Cross.
ThreatConnect points out that the same attackers previously hosted a site called we11point[.]com to carry out attacks in May 2014. Anthem was known as WellPoint before it switched its name to Anthem Inc. last year.