Latest Health Insurance Hack May Affect 10.5 Million People
The personal details of approximately 10.5 million health insurance customers have been exposed by the latest cyber-attack on the health care industry.
Excellus Blue Cross Blue Shield and Lifetime Health Companies, upstate New York's largest health insurer, discovered the attack on August 5th this year. The cyberattack exposed information like birthdates and social security numbers, and also patients’ member identification numbers, financial account information and claims information.
Insurers learned the information was compromised while doing a forensic assessment of IT systems, prompted by similar breeches among other health care companies.
The health insurers waited a month after the discovery before disclosing the breech but this is not uncommon, explains Andy Meneely, an assistant professor of software engineering at the Rochester Institute of Technology.
"If you disclose that you were hacked immediately after it happens, then you’re just inviting more hackers," he says. "So, they really had to make sure that they were secure."
The company’s website says the initial attack happened in December of 2013.
The health care sector has accounted for more than 20 percent of data breaches this year according to digital security company, Gemalto.
Excellus notified the FBI and is cooperating with the bureau’s investigation.
“Protecting personal information is one of our top priorities and we take this issue very seriously,” said Christopher Booth, the corporation’s chief executive officer.
Excellus is beginning to mail letters to affected individuals today and is providing two years of free identity theft protection services through Kroll, a company involved in risk mitigation.
A dedicated call center at 1-877-589-3331 has been set up for members and other affected individuals. The company has also established a dedicated website (www.excellusfacts.com), where members and other affected individuals can view frequent questions and answers and sign up for the free credit monitoring service and identity theft protection services.