Peninsula Daily News and news sources
MOUNTLAKE TERRACE — Premera Blue Cross, a health insurer based in Snohomish County, said Tuesday that it was the victim of a cyberattack that could affect 11 million people.
The company said hackers gained access to its systems May 5 and that it did not discover the breach until Jan. 29.
The breach could have exposed members’ names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers, member ID numbers and bank account information, the Mountlake Terrace company said.
The information dates as far back as 2002 and affects users of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and Vivacity and Connection Insurance Solutions.
Claims information, including clinical information as well as the personal information of people who did business with Premera, could also have been exposed.
Premera said it has not found evidence that data was removed from its systems or that customer information has been used inappropriately.
It will provide two years of free credit monitoring and identity theft protection services to consumers affected by the breach.
The company is working with the FBI and cybersecurity firm Mandiant to investigate the breach and remove any lingering infection of its systems.
Premera said it is taking additional actions to strengthen and enhance the security of its IT systems.
Premera currently has about 1.8 million members. It provides health, life, vision, dental, disability and other types of insurance.
Washington state Insurance Commissioner Mike Kreidler said he is concerned about the delay from when the company learned of the attack and when it was announced, six weeks later.
But his immediate concern, he said, is that customers — more than 6 million of whom are in Washington — be notified as soon as possible.
“Premera has assured me that there is no evidence to date that any information was removed from their system or that any data has been used,” he said in a statement.
The company has set up a dedicated call center for its members and other affected individuals, and more information can be found at www.premeraupdate.com.
Companies ranging from retailers Target and Home Depot to Sony Pictures Entertainment have disclosed expensive and embarrassing data breaches recently.
In February, Anthem, the second-largest health insurer in the U.S., disclosed a breach that affected about 80 million customers.
Cybersecurity experts said that attack was a sign that hackers are shifting their focus away from retailers and looking at targets in health care and other fields because their systems may be more easily breached.
