Cyberattack on Premera Blue Cross Exposes 11 Million

March 17, 2015
Laura Joszt, MA
Laura Joszt, MA

Laura is the editorial director of The American Journal of Managed Care® (AJMC®) and all its brands, including The American Journal of Accountable Care®, Evidence-Based Oncology™, and The Center for Biosimilars®. She has been working on AJMC® since 2014 and has been with AJMC®'s parent company, MJH Life Sciences, since 2011. She has an MA in business and economic reporting from New York University.

Millions more Americans have become exposed to another cyberattack on a health plan as Premera Blue Cross announced it had been the target of a sophisticated attack to gain access to its information technology systems.

Millions more Americans have become exposed to another cyberattack on a health plan as Premera Blue Cross announced it had been the target of a sophisticated attack to gain access to its information technology (IT) systems.

The attack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the affiliate brands Vivacity and Connexion Insurance Solutions, according to a press release from Premera. The company discovered the cyberattack on January 29, 2015, which was the same day as the cyberattack on Anthem, Inc’s IT system. The hack on Anthem put as many 80 million current and former customers’ information at risk.

"The security of Premera's members' personal information remains a top priority," Jeff Roe, chief executive officer of Premera, said in a statement. “We at Premera take this issue seriously and sincerely regret the concern it may cause. As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."

According to Premera’s investigation, the hackers may have gained access to such information as members’ names, dates of birth, Social Security numbers, mailing addresses, email addresses, telephone numbers, member identification numbers, bank account information, and claims information, which includes clinical information.

At this time, though, Premera has been unable to determine if any of the data was removed from the systems, and there has been no evidence that such data has been used inappropriately.

The company is mailing letters to the approximately 11 million individuals who were affected and is offering 2 years of free credit monitoring and identity theft protection services. Beneficiaries were not the only people potentially affected. According to Premera, individuals who also do business with Premera and have provided email addresses, personal bank account numbers, or Social Security numbers are also affected.

Additional information about Premera's response to this cyberattack can be found at www.premeraupdate.com.

“The security of personal information remains a top priority for us,” Roe said. “And along with steps we took to cleanse our IT systems of issues raised by this cyberattack, we’re taking additional actions to strengthen and enhance the security of IT systems moving forward.”