Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business, dating back to as early as 2002.  The insurer said its investigation revealed the initial malware attack occurred on May 5, 2014, and access went undetected until January 29, 2015.  This breach adds to the growing list of hacks against health care companies and should again be an alert that systems must be adequately protected from sophisticated hackers.

Premera determined that hackers could have gained unauthorized access to applicants’ and member’s information, possibly including names, addresses, dates of birth, Social Security numbers, bank information and clinical information.  Premera stated that there is no evidence thus far that any of the data has been used illegally.

Premera is sending out letters to its customers, offering two years of free credit monitoring and identity theft protection services to those affected. A call center also is being set up. The company said it is working with the FBI and the cybersecurity firm Mandiant to investigate the attack and fix the problem.

As we discussed in a recent client alert, proactive HIPAA compliance efforts can reduce and mitigate the risk of future losses due to HIPAA and HITECH violations and breaches. It is clear from the recent cyber attacks that health care companies are significant targets.  Companies with relationships with these type of providers should carefully review their notification obligations and ensure that adequate risk allocations in connection with breaches are included in agreements going forward.

Posted by Stephanie Cason

2 Comments

  1. […] we discussed in our previous post, Premera Blue Cross (Premera) recently revealed that it suffered a massive data breach potentially […]

    Reply

  2. […] a data breach as a result of a cyberattack.  CareFirst BlueCross Blue Shield, Anthem, and Premera Blue Cross all recently announced they were the victims of sophisticated cyberattacks impacting millions of […]

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s