Premera Blue Cross Admits to Data Breach, Exposes Records of 11 Million Patients

Earlier this week, health insurer Premera Blue Cross disclosed that they have been subject to a hacking attack, with their information database for more than 11 million customers being broken into. This comes in the wake of the massive Anthem data breach, where the medical records of more than 70 million customers were also stolen.

[Read: The Anthem data breach, and why healthcare companies are prime targets]

In a public statement released March 17, 2015, Premera revealed that the attackers may have gotten access to the claims data of their customers that includes clinical information, banking account numbers, social security numbers, birth dates and more.  According to their analysis of the incident, the attack appears to have begun in May 2014.

6 million of the 11 million stolen records have been identified by the health insurer to be those of Washington state residents, with that amount made up of employees of large companies such as Inc, Microsoft Corp and Starbucks Corp. The remainder are spread across every US state.

As of this writing, Premera Blue Cross stated that they have yet to find evidence that the stolen information has been used for malicious purposes.

The implications of such an attack may prove very inconvenient and possibly quite harmful to the victims. Medical records are highly valuable in the cybercriminal underground, especially when it’s tied to medical insurance. These records not only reveal the victims' personal and financial information to the cybercriminal – and both are already in high demand – but they also reveal details about the victim that could be used more heinous purposes such as blackmail and insurance fraud. Combine that with the usual threats that are connected with data breaches like banking fraud and identity theft, and the potential for financial and reputation damage increases exponentially, both for the victimized company and its customers.

While customers can't do much to prevent these attacks – it's the company's responsibility to protect customer and company data after all – here’s a checklist of steps that users can take if they suspect their healthcare insurers have been compromised:

  • Change your passwords. All of them.
  • Change your security question answers.
  • Don’t click on any email links or files that come with suspicious emails.
  • Secure your system with an online security solution.

[More on Data Breaches: the latest incidents, information, and advice]


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.