A cyber attack carried out last year against Premera Blue Cross, a health insurance company, was only recently discovered, with the attack possibly compromising the financial information and medical data of about 11 million of the company's customers.
The cyber attack, which was revealed by Premera on March 17, represents the latest data breach against a company in the health industry. The breach targeted Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliates Vivacity and Connexion Insurance Solutions.
The hackers, who launched the data breach in May of last year, were able to gain access to the personal information of Premera customers, including their names, birth dates, claims information and Social Security numbers.
Other confidential information that the hackers may have extracted includes bank account details, telephone numbers and email addresses, said Premera, which is a health benefits provider to employees in the Pacific Northwest.
While the data breach occurred in May, it was not until Jan. 29 that Premera discovered it, which was just a few days before Anthem revealed that it was also affected by such a cyber attack.
Anthem, which is the second largest health insurance company in the United States, was the victim of what could be the biggest ever data breach against such a company in the country. According to Anthem, the cyber attack that targeted its servers compromised confidential information of up to 80 million of the company's former and current employees and members.
Premera said that the company is cooperating with the FBI on the investigation of the data breach but added that it has not yet identified whether any of the exposed information was extracted from the company's servers, or if there has been data that was inappropriately used.
According to Premera, the compromised customer data could come from as early as 2002.
It is not clear whether the data that the cyber attack on Premera's servers targeted was encrypted for protection. The Health Insurance Portability and Accountability Act does not require health insurance providers to use encryption on the information that the companies store within their servers.
Hackers have made customer information stored on the servers of health insurance companies a prime target because of the combination of the lack of encryption and the significance of the data stored. Information such as Social Security numbers is particularly attractive to hackers, who could use it to steal the identities of unsuspecting victims.
Last year, authorities warned health industry companies of a possible higher risk of security breaches. The FBI released a flash warning to the companies, stating that malicious activity had been noticed against the systems of healthcare-related companies, aimed at extracting customers' health care and personal identification information.