⏳ Final hours! Save up to 60% OFF InvestingProCLAIM SALE

Premera Blue Cross breached, medical information exposed

Published 18/03/2015, 00:30
Premera Blue Cross breached, medical information exposed
MSFT
-
AMZN
-
SBUX
-

By Jim Finkle

BOSTON (Reuters) - Health insurer Premera Blue Cross said on Tuesday it was a victim of a cyberattack that may have exposed medical data and financial information of 11 million customers, in the latest serious breach disclosed by a healthcare company.

Premera said the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data in an attack that began in May 2014.

It is the largest breach reported to date involving patient medical information, according to Dave Kennedy, an expert in healthcare security who is chief executive of TrustedSEC LLC.

About 6 million of the people whose accounts were accessed are residents of Washington state, where customers include employees of Amazon.com Inc (NASDAQ:AMZN), Microsoft Corp (NASDAQ:MSFT) and Starbucks Corp (NASDAQ:SBUX), according to Premera. The rest are scattered across every U.S. state.

The insurer said it has so far uncovered no evidence to show that member data was "used inappropriately."

Medical records are highly valuable on underground criminal exchanges where stolen data is sold because the information is not only highly confidential but can also be used to engage in insurance fraud.

"Medical records paint a really personal picture of somebody's life and medical procedures," Kennedy said. "They allow you to perpetrate really in-depth medical fraud."

A Starbucks spokesman told Reuters that Premera notified the coffee chain on Tuesday that Starbucks may have been affected by the attack. A representatives from Amazon did not respond to requests for comment, and a representative at Microsoft declined comment.

Although a breach at Anthem disclosed earlier this year and another large one disclosed last year by hospital operator Community Health Systems Inc involved larger numbers of records, those companies said they believed the attackers did not access medical information.

The Premera breach was uncovered on Jan. 29, the day that insurer Anthem Inc disclosed a cyber attack involving records of some 79 million members in Blue Cross Blue Shield plans across the country.

Premera spokesman Eric Earling said the two attacks were unrelated and that his company independently identified its breach.

Still, experts expect that other healthcare companies will find that they have been breached as the latest attack prompts them to look for intrusions.

"I think other insurance providers are compromised today and we still don't know it. More and more are going to disclose attacks," Kennedy said.

Premera hired FireEye Inc to investigate the matter and is also working with the FBI.

The attack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliated brands Vivacity and Connexion Insurance Solutions.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.