Cyber attack on Premera Blue Cross leaked 11 million customer records

Premera Blue Cross, a health insurance provider, had been attacked last year by cyber criminals who may have revealed the medical data and financial information of 11 million customers, the company reported Tuesday.




The breach permitted hackers to have unauthorized access to customers' personal information, including names, birthdates, Social Security numbers, and claims information during the May 2014 intrusion, said Premera, a health benefits provider in the Pacific Northwest. In addition, information leaked included bank account information, email addresses and telephone numbers, Premera said.


The attack was detected January 29. After Premera Blue Cross, the second target was Anthem. It claims to be the victim of a sophisticated cyber attack. Anthem affirmed that the attack on its servers consist of  the unencrypted personal information such as names, dates of birth, member IDs, and Social Security numbers of around 80 million current and former members and employees.

According to Premera the company is working with the FBI to investigate the breach but it has still not determined whether any information was detached from the servers or "used inappropriately." The customer information that may have been exposed consist of dates as far back as 2002, Premera said.
Under the federal Health Insurance Portability and Accountability Act (HIPAA), health insurance companies are not required to encrypt the data stored on their servers. However it is still not confirmed whether the information disclosed in Premera's hack was encrypted.

The sensitive information of customers held by health care organizations including Social Security numbers appears to be attractive to hackers who seek to steal identities.

There is a warning for health care companies by Law enforcement that they may face an increased risk of data breach attacks. After a cyber attack on US hospital group Community Health Systems in August, the FBI issued a flash warning to companies that it had observed "malicious actors targeting healthcare related systems,"  possibly to gain health care information or personal identification information, according to Reuters.