Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Cyber attack on New York Blues plan Excellus affects 10 million

Reprints
Cyber attack on New York Blues plan Excellus affects 10 million

Excellus BlueCross BlueShield, a Rochester, New York-based insurer, disclosed Wednesday afternoon that it was the victim of a sophisticated cyber attack by hackers who may have gained access to over 10 million personal records.

Christopher Booth, the insurer's president and CEO, said in a message to customers that Excellus discovered the attack on Aug. 5 and an investigation determined that it occurred on Dec. 23, 2013. The hackers are believed to have had access to customers' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification, financial account information and claims information, which would likely include medical data.

The attack affected about 7 million Excellus members and 3.5 million members of its non-Blues subsidiary, Lifetime Healthcare Cos.

As with other Blue Cross and Blue Shield affiliates that have been hacked, the incident also affects members of other Blues plans who sought treatment in Excellus' 31-county upstate New York service area. It also affects individuals who do business with the insurer and have provided their financial account information or Social Security numbers.

An investigation by Excellus has not determined that any data was removed from the insurer's systems, nor is there evidence that the compromised data has been used fraudulently.

Blues insurers have recently been the targets of major cyber attacks, including Washington, D.C.-based CareFirst Blue Cross and Blue Shield, Seattle-based Premera Blue Cross and Indianapolis-based Anthem Inc., which was the victim of the largest cyber attack ever disclosed by a health care company, affecting about 80 million current and former members.

Adam Rubenfire writes for Modern Healthcare, a sister publication of Business Insurance.

Read Next