Health-insurance company Premera Blue Cross admitted yesterday that the financial and medical records of at least 11 million people (dating as far back as 2002) were stolen in a data breach.
On the website PremeraUpdate.com, which the company established to post information about the breach, Premera said it “has been the target of a sophisticated cyberattack” which initially started on May 5, 2014. The company first learned of this on January 29, 2015, and waited until yesterday to announce this to the public.
The brands affected by this breach include Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the affiliated brands Vivacity and Connexion Insurance Solutions, Inc.
As for what information the hackers may have stolen, Premera's statement says that:
Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.
Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.
Watch the mail
Premera intends to send letters notifying affected customers and employees. The website also specifically said that:
Premera won't email you or make unsolicited phone calls to you regarding this incident. Please be on the alert if you are contacted and asked to provide personal information.
Despite this warning, there will be plenty of would-be scammers posing as Premera representatives, sending emails or making phone calls to intended victims in hope of cheating them. Delete any email and hang up on any caller claiming to be from Premera with information about this breach.
If you have been affected in this breach, Premera says it will offer two years of free credit monitoring and identity protection, for those who enroll by Sept. 20.
Who is behind this hacking? Premera hasn't said, but security expert Brian Krebs suggests that the hackers might have the backing of the Chinese government.
The Chinese are also suspected of being behind other recent high-profile hackings, including the Anthem insurance hacking discovered last month, last November's announced hacking of a U.S. Postal Service database containing the personal information of 800,000 USPS employees, and the discovery last July that hackers breached the federal Office of Personnel Management, stealing the data of up to 5 million government employees and contractors who hold security clearances. (China's government, for its part, has repeatedly denied any role in any American hacking activities, and points out that hacking is illegal under Chinese law.)
Premera is working with the FBI and also with the security firm Mandiant which, as Krebs points out, specializes in identifying and blocking attacks from state-sponsored hacking groups, particularly those based in China.