Previous Story
Blue Cross Blue Shield data breach affects 10.5M customers
Posted On Sep 12 2015
Comment: Off
Attackers targeting Rochester, N.Y.-based Excellus BlueCross BlueShield might have swiped information on 10 million current and former members there, including names, birth dates, Social Security numbers, addresses and financial account and claims data.
In the case of Excellus, Schumer said the insurance firm hired cyber security experts to assess its network security. To address issues resulting from the attack, the company is working closely with Mandiant, one of the leading cybersecurity firms in the world.
An attack against Blue Cross Blue Shield affiliate Anthem exposed the personal information of up to 80 million individuals earlier this year.
Excellus said it recognizes the frustration that the incident can bring and that steps are being taken to protect members.
To date, almost 143.8 million people have had their protected health information compromised in a HIPAA privacy or security breach, according to data from the Department of Health and Human Services. Those who have done business with the company and those who have provided their financial information are also affected.
“Individuals contacted by the companies should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center”, it added. For starters, letters have been mailed to affected members beginning September 9. What’s more, Excellus will provide those at risk with two years of free identity theft protection services via Kroll and credit monitoring via TransUnion.
Hackers are then able to combine that information with data culled from other cyberattacks, such as the breach that hit the Office of Personnel Management, which in turn allows them to draw conclusions about a person’s lifestyle, job or affiliation with the federal government. “We sincerely regret the frustration and concern this incident may cause”.
Christopher Booth, the insurer’s CEO, said in a message to customers that Excellus discovered the attack on August 5 and an investigation determined that it occurred on December. 23, 2013.
