Excellus BlueCross BlueShield, a health insurer providing service in western New York state, said Wednesday that it and its affiliates were recently hit with a data breach in which hackers may have accessed the personal information of 10.5 million customers.
The investigation has not determined personal information was removed or used inappropriately.
The company says it is sending letters about the breach to its customers.
To view the full article, register now.
The attack affected about 7 million Excellus members and 3.5 million members of its non-Blues subsidiary, Lifetime Healthcare Cos.
Excellus Bluecross Blueshield announced Wednesday it is the victim of a sophisticated cyber attack. “We’re making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information”.
Excellus BCBS says it is cooperating with the FBI’s investigation.
Information potentially exposed may include individuals’ names, addresses, birthdates, Social Security numbers, member IDs, financial account information, claims data and clinical information, the spokesman says.
The initial attack occurred in late December 2013, and altogether more than 10 million individuals are affected. The company is offering two years of free identity-theft protection services, including credit monitoring, and it has set up a dedicated call center and website for people seeking more information on the attack.
Excellus said members of other Blue Cross Blue Shield plans who sought treatment in the 31-county upstate New York service area of Excellus BlueCross BlueShield also were affected.
“We sincerely regret any concern this may cause”, he said.
Individuals who believe they are affected by the cyberattack, but who do not get a letter by November. 9, are encouraged to call 1-877-589-3331. Yes you can. Join us for an interactive live expert Q&A – it’s free! “We have moved quickly to close the vulnerability, remediate our IT systems and to strengthen and enhance the security of our IT systems moving forward”.
The FBI works extensively with private industry to raise awareness of cyber threats and earlier this year briefed representatives of the health care industry, including LTHC/Excellus BCBS. “Cyber intrusions are a significant threat and the Federal Bureau of Investigation will continue to devote substantial resources and efforts to bring those responsible to justice”.