Premera Blue Cross Data Breach Investigated
By MARY KAUFFMAN
March 17, 2015
SitNews reported last month that close to 34,000 Alaskans may have been impacted by a sophisticated cyber attack on Anthem, a member of the Blue Cross and Blue Shield Association.
However, not until today did Premera Blue Cross announced their recent discovery that cyberattackers had executed this sophisticated attack attempting to gain unauthorized access to its Information Technology (IT) systems.
According to today's news release, Premera's investigation thus far revealed that the initial attack occurred on May 5, 2014. As part of its investigation, Premera notified the FBI and is coordinating with the Bureau's investigation into this attack. Premera said it has also worked closely with Mandiant, one of the world's leading cybersecurity firms, to conduct a comprehensive investigation of the incident and to remove the infection created by the attack.
Premera Blue Cross, one of the largest health insurers in the Pacific Northwest, found that hackers had broken into its network in May 2014 and accessed personal data of its customers. Premera Blue Cross did not discover the breach until January 29, 2015.
In a prepared statement, U.S. Senator Lisa Murkowski (R-AK) responded today to the news that the Premera Blue Cross IT system was hacked into, putting the security of millions of personal records at risk.
"The security of Premera's members' personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause," said Jeff Roe, Chief Executive Officer, Premera. "As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."
“The privacy and security of all Alaskans remains a top priority of mine. This attack only underscores Congress’ need to support existing cyber security safeguards while searching for innovative solutions that keep pace with evolving threats," said Congressman Don Young (R-AK) in a prepared statement today.
Young said, “While information regarding this data breach is still being released, it’s important for Alaskans to be aware of this cyber attack and the resources being offered by Premera to minimize the impacts. According to Premera, letters to those impacted by this cyber attack will be mailed as early as today.”
This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Premera's investigation determined that the attackers may have gained unauthorized access to members' information, which could include members' name, date of birth, Social Security number, mailing address, email address, telephone number, member identification number, bank account information, and claims information, including clinical information. Individuals who do business with Premera and provided the company with their email address, personal bank account number, or Social Security number are also affected.
The investigation has not as yet determined that any such data was removed from Premera's systems. Premera also has no evidence to date that such data has been used inappropriately.
Premera announced today, it is beginning to mail letters to approximately 11 million affected individuals, and is providing two years of free credit monitoring and identity theft protection services to those individuals. Premera also has established a dedicated call center for its members and other affected individuals. More information can be found at: www.premeraupdate.com. According to a Premera news release, information involved in this incident dates back to 2002 and individuals who believe they are affected by this cyberattack but who have not received a letter by April 20, 2015, are encouraged to call the number listed at that website.
Along with steps taken to cleanse its IT system of issues raised by this cyberattack, Premera said it is taking additional actions to strengthen and enhance the security of its IT systems moving forward.
Milberg, investigating potential violations of the federal and state laws by Premera Blue Cross in connection with this massive data breach, previously served as a member of the court appointed consumer plaintiffs steering committee in litigation concerning the 2013 data breach that affected over 110 million Target shoppers. Milberg also currently represents a proposed class of Anthem, Inc. insureds for a breach of the insurer's network that affected over 78 million Anthem customers. The nation’s second largest health insurance company Anthem is a member of the Blue Cross and Blue Shield Association.
At this point, Premera does not believe that data was removed from their network.
If you have received a notification from Premera that your personal information has been accessed or if you are a member of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, Vivacity, or Connexion Insurance Solutions, Inc. and have questions about the Premera data breach, have any information about Premera, or if you would like to learn more about this potential matter please contact:
Source of News: