New York health insurer hacked, over 10 million members possibly affected


A datacenter server room.

By Bill Berkrot

(Reuters) – Upstate New York health insurer Excellus BlueCross BlueShield on Wednesday said its computer systems and those at affiliates had been breached, exposing data from more than 10 million members, in the latest case to show the industry is still struggling to ward off hackers.

The Rochester-based insurer said it and its affiliates had been the target of a sophisticated cyber attack and that it was taking steps to address the situation and offering free identity theft protection services to those affected.

Excellus said it learned of the cyber attack on Aug. 5 from experts it had hired to perform a forensic assessment of its computer systems following hacking attacks on other health insurers. A subsequent investigation found that the initial hack occurred in December of 2013.

From VentureBeat

Massive customer engagement through mobile? Yes you can. Join us for an interactive live expert Q&A — it’s free!

“We are taking additional actions to strengthen and enhance the security of our IT systems moving forward,” the company said in a notice posted on its website.

Attackers may have gained access to members’ information, including names, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information, the company said.

“The investigation has not determined that any such data was removed from our systems and there is no evidence to date that any data has been used inappropriately,” Excellus spokesman Jim Redmond said.

Excellus and its affiliates serve people in 31 upstate New York counties and the Buffalo and Rochester markets. Excellus said 7 million of its members may have been affected, as well as

another 3.5 million individuals served by affiliated Lifetime Healthcare Companies.

“The FBI is investigating a cyber intrusion involving Lifetime Healthcare Companies, which include Excellus BlueCross BlueShield, and will work with the firms to determine the nature and scope of the matter,” the FBI confirmed in an emailed statement.

“Individuals contacted by the companies should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center,” it added.

Earlier this year, Anthem, the second-largest U.S. health insurer, said it was the victim of a massive cyber attack in which records of nearly 79 million customers had been accessed.

(Reporting by Bill Berkrot and Nate Raymond, Editing by Ken Wills)


Products You May Like

Articles You May Like

VISA issues warning as Britons targeted by dangerous scams – ‘don’t be embarrassed’
Bill Gates wrote pros and cons list of marrying Melinda, she tells Netflix documentary
Why are Bill and Melinda Gates getting a divorce? Statement in full
Anthony Fauci confident US ‘will reach goal’ of 70 percent American vaccinate by July
Halifax and HSBC are ending bank account switch offers this week – the deadlines to note