Premera Blue Cross breached, medical information exposedPosted On: Mar. 17, 2015 12:00 AM CST
(Reuters) — Health insurer Premera Blue Cross said on Tuesday it was a victim of a cyber attack that may have exposed medical data and financial information of 11 million customers in the latest case of a health care company reporting a serious breach.
It said the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data in an attack that began in May 2014 and was uncovered Jan. 29.
It is the largest breach reported to date involving patient medical information, according to Dave Kennedy, an expert in healthcare security who is chief executive of TrustedSEC L.L.C.
Breaches over the past year at health insurer Anthem Inc. and hospital operator Community Health Systems Inc. involved a larger number of records, but those companies said they believe the attackers did not access medical information.
Medical records are highly valuable on underground criminal exchanges where stolen data is sold because the information is not only highly confidential, it can also be used to engage in insurance fraud.
“Medical records paint a really personal picture of somebody's life and medical procedures,” Mr. Kennedy said. “They allow you to perpetrate really in-depth medical fraud.”
The insurer said it has so far uncovered no evidence to show that member data was “used inappropriately.”
“We at Premera take this issue seriously and sincerely regret the concern it may cause,” CEO Jeff Roe said in a statement.
Premera has set up a hot line to field members' calls and offering free credit monitoring. More information is available at http://www.premeraupdate.com.
“As much as possible, we want to make this event our burden, not that of the affected individuals,” Mr. Roe said in the statement.
Premera is working with the FBI and FireEye Inc. to investigate the matter.
The attack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Solutions.
FBI spokesman Joshua Campbell told Reuters the agency is investigating the attack.