Pierluigi Paganini March 18, 2015

US health insurer Premera Blue Cross announced its network had been hacked, potentially exposing data from 11 million individuals.

A few weeks after the disclosure of the data breach suffered by from Anthem Blue Cross, which exposed 80 million customer records, another US health insurer was victim of a major attack that is affecting 11 Million customers and contractors.

Premera Blue Cross announced Tuesday its computer network had been hacked, potentially exposing data from 11 million people. Premera discovered the data breach on January 29, the company admitted “that cyberattackers had executed a sophisticated attack” to compromise its network.

The attack started on May 5, 2014, the sensitive information accessed by the bad actors includes members’ name, dates of birth, social security numbers, email addresses, bank account data and medical claims information.

“The attackers may have gained access to the personal information of our members, along with the information of our employer customers, healthcare providers and other people and organizations with whom we do business. That information could include names, dates of birth, addresses, telephone numbers, email addresses, Social Security numbers, member identification number, medical claims information and financial information.” states the announcement.

The company is investigating on the data breach supporting the FBI with the help of experts at Mandiant security firm.

Premera informed its customers that it is taking proactive steps to provide protection and assistance to those affected, the company also announced improvement for the security of its systems.

“The security of Premera’s members’ personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause,” said Premera chief executive Jeff Roe.

In the official announcement, the Premera staff highlights that its is also victim of the cyber attacks, and for this reason share the same concern of the customers impacted by the data breach.

“We want to ensure you have the information and assistance you need so please call 1-800-768-5817 or visit www.premeraupdate.com for help and more information.”

Security experts believe that the number of major data breaches will increase in next months. Last year the threat landscape was mainly characterized by attacks on the retail industry, let’s remind the case of Home Depot and Target, but data managed by organizations in the healthcare industry are becoming even more attractive for cyber criminals.

In August 2014, the FBI alerted the healthcare industry companies on potential cyber attacks, the law enforcement warned companies after the attack on U.S. hospital group Community Health Systems Inc that caused the theft of millions of patient records.

Stay Tuned for further information.

Pierluigi Paganini

(Security Affairs –  Healthcare,  Premera)