A cyberattack may have compromised the personal information of approximately 11 million customers insured by Premera Blue Cross.
On January 29, 2015, Premera discovered that attackers may have gained access to customer’s information dating as far back as 2002, including names, birth dates, Social Security numbers, addresses, bank-account information, and claim information, including clinical information, according to statement issued by Premera.
The health insurer discovered that the attack happened on May 5, 2014.
The company waited to announce the breach to give itself time to cleanse and secure its IT systems, Eric Earling, Premera’s vice president of corporate communications, told The Seattle Times.
“We completely recognize the frustration and concern it can cause to know there may have been unauthorized access to information,” Earling told the Times. “But there is no evidence that information was actually taken.”
This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and Premera affiliate brands Vivacity and Connexion Insurance Solutions, Inc., according to the company’s statement. The attack also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.
Premera is working with the FBI and Mandiant, a cybersecurity firm, to investigate the attack and fix the problem, according to the Times article. In the meantime, it’s mailing letters to those potentially affected by the cyberattack.
Premera will not be emailing customers regarding the attack. The company is warning customers that they might receive scam and phishing emails claiming to be from Premera.
Anyone who believes they are affected by this incident and have not received a letter by April 20 is advised to call Premera’s call center at 1-800-768-5817, or visit their website for more information.
The health insurer is also offering two years of free credit-monitoring and identity-theft protection services for those affected by the breach.
“All of us here at Premera have been affected by this attack, and we understand and share your concerns,” said Premera CEO Jeff Roe in a statement. “Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.
The attack on Premera is not the only one in the past two months. In February, Anthem, the second largest U.S. insurer, announced that its IT systems were hacked, which it also discovered on January 29. It’s estimated that the attack on Anthem may have compromised similar information for 80 million customers.