Hackers gained illegal access to customer's personal information, including names, birth dates, Social Security numbers, and claims information during the May 2014 intrusion, said Premera, a health benefits provider in the Pacific Northwest. Other informations which were exposed included bank account information, email addresses and telephone numbers, according to Premera.
The security breach was discovered January 29, just days before Anthem, the No. 2 health insurer in the US, revealed that they are the victim of what may be the largest ever data breach involving a US health insurer. According to Anthem the attack on company's servers comprmised unencrypted information which includes names, dates of birth, member IDs, and Social Security numbers for as many as 80 million current and former members and employees.
Premera said they are working with the FBI to investigate the attack but said it has not yet determined whether any information was removed from the servers or "used inappropriately." The customer information that may have been compromised dates as far back as 2002, Premera said.
It was not immediately clear whether the information exposed in Premera's hack was encrypted. Under the federal Health Insurance Portability and Accountability Act (HIPAA), health insurance companies are not required to encrypt the data stored on their servers.
Premera did not immediately respond to a request for comment.
The combination of sensitive customer information held by health care organizations - especially Social Security numbers -- make them particularly attractive to hackers looking to steal identities.
Law enforcement began warning health care industry companies last year that they may face an increased risk of data breach attacks. Following a hacking attack on us hospital group community health system in August, the FBI issued a flash warning to companies that it had observed "malicious actors targeting healthcare related systems," perhaps for the purpose of obtaining health care information or personal identification information, according to Reuters.
The security breach affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliated brands Vivacity and Connexion Insurance Solutions.