Cyber attack on Premera Blue Cross leaked 11 million customer records

Premera Blue Cross, a health insurance provider, had been attacked last year by cyber criminals who may have revealed the medical data and financial information of 11 million customers, the company reported Tuesday.

The breach permitted hackers to have unauthorized access to customers’ personal information, including names, birthdates, Social Security numbers, and claims information during the May 2014 intrusion, said Premera, a health benefits provider in the Pacific Northwest. In addition, information leaked included bank account information, email addresses and telephone numbers, Premera said.

The attack was detected January 29. After Premera Blue Cross, the second target was Anthem. It claims to be the victim of a sophisticated cyber attack. Anthem affirmed that the attack on its servers consist of  the unencrypted personal information such as names, dates of birth, member IDs, and Social Security numbers of around 80 million current and former members and employees.

According to Premera the company is working with the FBI to investigate the breach but it has still not determined whether any information was detached from the servers or “used inappropriately.” The customer information that may have been exposed consist of dates as far back as 2002, Premera said.
Under the federal Health Insurance Portability and Accountability Act (HIPAA), health insurance companies are not required to encrypt the data stored on their servers. However it is still not confirmed whether the information disclosed in Premera’s hack was encrypted.

The sensitive information of customers held by health care organizations including Social Security numbers appears to be attractive to hackers who seek to steal identities.

There is a warning for health care companies by Law enforcement that they may face an increased risk of data breach attacks. After a cyber attack on US hospital group Community Health Systems in August, the FBI issued a flash warning to companies that it had observed “malicious actors targeting healthcare related systems,”  possibly to gain health care information or personal identification information, according to Reuters.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...