Only a month ago, we learned that hackers compromised over 80 million health insurance records at health insurance provider Anthem Inc. in what may have been a state-sponsored attack from China. Now, that just seems like the start of a trend.
Last night, insurance provider Premera Blue Cross put up an entire website dedicated to letting its customers know that a similar attack had compromised an additional 11 million records. Only this time, the damage is much worse. In the case of Anthem, the attackers got away with some sensitive info, like names and Social Security numbers; in the Premera attack, hackers gained access to entire patient histories, allowing for greater risk of abuse and identity theft.
From the “Premera Update” landing page:
This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.
Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.
Premera took their sweet time letting everyone know (the attack was carried out last May and was detected in late January 2015), but at least they’re offering a full suite of services like credit monitoring and identity protection to affected customers. And of course, in a perfect flourish of irony, the site they set up for dealing with the attacks doesn’t use any security protocols like HTTPS to protect it.
So who performed the attacks? No one will say, at least for a long time. For one, attribution is just incredibly difficult. Also, since the Feds are involved, there’s little chance that there will be comment on an ongoing investigation. But given that China is thought to be responsible for the Anthem breach, the infiltration was highly sophisticated, and the private contractor that’s been brought in to clean up the mess specializes in Chinese cyberattacks, all signs point to China at this point.