Excellus, a BlueCross BlueShield (BCBS) provider servicing upstate New York, announced last week that it was the latest in a string of BCBS providers that experienced a data breach as a result of a cyberattack. CareFirst BlueCross Blue Shield, Anthem, and Premera Blue Cross all recently announced they were the victims of sophisticated cyberattacks impacting millions of consumers.
Excellus stated that it discovered this breach on August 5th as a result of the company’s ongoing security efforts in the wake of recent health industry cyberattacks. The company hired cybersecurity firm Mandiat to conduct a forensics analysis of the information technology (IT) system. Mandiat found evidence that cyberattackers had executed a sophisticated attack to gain unauthorized access to Excellus’ IT systems and have been in the IT systems since December 23, 2013.
The information potentially accessed includes, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information for its memebers. This incident also affected members of other BCBS plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS. Additionally, individuals who do business with Excellus were also affected.
This incident again highlights the ongoing efforts that companies, particularly those in the health industry, must take to protect against and responding to cyberattacks. Hackers are using more sophisticated techniques against those in the health care industry and may be able to conduct attacks for long periods of time without detection if appropriate actions are not taken.