Healthcare Information Security

Patient Privacy News

Premera Health Data Breach May Affect 11M

By Elizabeth Snell

- Premera Blue Cross announced today that it was the “target of a sophisticated cyber attack,” leading to a health data breach that could potentially affect 11 million individuals.

The Premera health data breach was discovered by the company on Jan. 29, 2015, and said that the initial attack occurred on May 5, 2014. Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. are all potentially affected. Moreover, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack, Premera explained.

Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information, were all potentially exposed.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

Letters will begin to be sent to affected individuals as of today, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“We sincerely regret the frustration and concern this incident may cause,” the statement read. “The security of our members’ personal information is a top priority.”

Premera President and CEO Jeff Roe reiterated that sentiment in his own statement, and added that he understand the frustration that the news of this cyber attack likely created.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Premera spokesman Eric Earling stated that this cyber attack was not related to the Anthem health data breach that was announced in early February. In that incident, nearly 80 million individuals potentially had their personal information exposed in a cyber attack. Earling added that Premera discovered this incident independently from the Anthem breach, according to Reuters.

We will update this story as more information becomes available.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks