It would appear that hackers have found a rich new source of data to be mined – Health Care Insurers. Insurance giant Anthem had the records of approximately 80 million customers exposed when hackers breached their digital system in February of this year. This was followed by an attack on Premera, an Alaska based insurance company in March where as many as 11 million records were stolen and then FirstCare, another insurer in May.
The latest reported attack on an insurance provider comes from Excellus Blue Cross Blue Shield in Upstate New York. The company released word this week that their system had been breached and as many as 10 million records may have been lost to hackers. According to officials at Excellus the company became concerned about the reported digital breaches at Anthem, Premera and FirstCare and ordered a forensic check of their system by noted cyber security firm Mandiant. A subsequent investigation of the Excellus system by Mandiant determined that a breach had indeed occurred and that the cyber attack had begun back in December 2013. The investigation by private and government agencies continues in an effort to determine the extent of the damage and who might be responsible for the long term breach.
Health care insurers such as Anthem, Premera, FirstCare and Excellus are prime targets for hackers because of the wealth of information that is stored on their servers. A successful breach can provide hackers with a treasure trove of information including social security numbers, email and home addresses, telephone numbers, dates of birth, credit card and bank account numbers, and of course medical records. When such a breach occurs it is not only customer data that may be lost but personal employee data as well. Carrying the possibilities even further, any organization affiliated with the breached company may be vulnerable as well.
This string of health care related breaches should be sounding alarm bells in the C-Suites at national health insurers across the country. If board members are not demanding reassurances from their CISO’s about the soundness of their systems security, they should be. It’s clear from this pattern of attacks that the bad guys are really on to something in their ongoing search for PII and its up to the good guys…that’s us…to thwart their efforts.
As the old medical saying goes…An ounce of prevention is worth a pound of cure. For more information on how you can obtain your ounce of prevention see this prescription.