Hack on Premera Blue Cross exposes 11M customer records

[Borg 386]

A recently discovered cyberattack on health insurance provider Premera Blue Cross last year may have exposed the medical data and financial information of 11 million customers, the company revealed Tuesday, the latest security breach at a health industry organization.

Hackers gained unauthorized access to customers' personal information, including names, birthdates, Social Security numbers, and claims information during the May 2014 intrusion, said Premera, a health benefits provider in the Pacific Northwest. Other information exposed included bank account information, email addresses and telephone numbers, Premera said.

The breach was discovered January 29, just days before Anthem, the No. 2 health insurer in the US, revealed that it was the victim of what may be the largest ever data breach involving a US health insurer. Anthem said the attack on its servers compromised the unencrypted personal information such as names, dates of birth, member IDs, and Social Security numbers for as many as 80 million current and former members and employees.

Hack on Premera Blue Cross exposes 11M customer records - CNET

Premera Blue Cross hit by "sophisticated" hack, 11M affected | ZDNet

 

[Cr00zng]

Pamera is used by Amazon, Microsoft, and Starbucks among other companies in the area...

I am not surprised that another Blue Cross company had a data breach, nor would I be surprised, if all of them will have one. The "Blues" are interconnected that complements the propagation of the hack. The question is, will all of them be able to detect the data breach?

 

[Layback Bear]

Once a cloud data has been hacked people personal information will be forever known to the bad guys and could be use later, much later when people are not watching. They can also sell this information to other crooks to be use even later.

To put it simple.
Cloud security has not kept up with Cloud usage.

 

[Borg 386]

This one was Blue Crosses fault. Documents reveal they didn't encrypt the SS data all for the sake of convenience.

In this instance, Anthem didn't even have your records encrypted (and lord knows they can afford to do so). Apparently, encrypting your data would have been inconvenient.

You can have the best security, but if you're too damn lazy to use it, it does no good. Yes, I am mad at them because had they gotten the ID numbers of the medical cards, those could have been changed. Your SS stays with you for life. meaning I don't know if my identity will be compromised 2 years from now, or 20 years from now. It's out there now for good. Thanks Blue Cross. Hope you get sued into oblivion. Maybe other companies will take that as an example & do the right thing, even if it is "inconvenient."

 

[Cr00zng]

This one was Blue Crosses fault. Documents reveal they didn't encrypt the SS data all for the sake of convenience.

I don't disagree that this one was Blue Cross' fault, but not for the reason stated...

There's no regulations for health insurance companies to encrypt the data at rest. It is currently recommended, but not required and as such, the "Blues" were in compliance as far as the encryption is concerned...

Encryption would not help in the case of stolen system level accounts. Administrators, be that for system or database, will need access to the encrypted data. Regardless of the type of encryption, these accounts have no problems connecting to the data.

On the other hand access control and monitoring privileged level access to PHI data is a regulatory requirement and this where the "Blues" were not in compliance. If the previous "Blues" data breach is any indication, where they did not monitor admins access and waited until a DBA discovered it, the current data breach has been caused by the lack of tighter access controls and monitoring the access. Simply requiring admins to use two-factor authentication would have prevent these data breaches.

 

[Layback Bear]

To me the point is, once your information is in the hands of others you have no control of that information.
I really don't know what we as individuals can do about the security of our information is such cases.

Once the bad guys get your Social Security Number (SSN) they have it forever and can sell it to whomever. How would one watch if this information to see if it is abuse over a long period of time.

We are just Fxxxxx because of poor cloud management in the control of others.

 

[Borg 386]

Once the bad guys get your Social Security Number (SSN) they have it forever and can sell it to whomever. How would one watch if this information to see if it is abuse over a long period of time.

Yepperz, meaning me & other people that were effected by this little snafu are going to have to be on guard for the rest of our lives.

Since Anthem is offering 2 years of credit monitoring, I imagine a whole slew of problems will start popping up 2+ years from now as more savvy hackers will wait until then & probably start slowly using the compromised SS numbers around that time.

 

[Layback Bear]

Because our SSN are ours forever; they are now the hackers SSN for ever.

 

[Borg 386]

Because our SSN are ours forever; they are now the hackers SSN for ever.

Exactly

 

[Cr00zng]

Because our SSN are ours forever; they are now the hackers SSN for ever.

Under these circumstances, I don't want to live for ever...

 

[Borg 386]

Well, Target is paying up for the breach, & that was only for credit card numbers.

Anthem BC/BS is insured for up to 100 Million in the event of a lawsuit, but some analysts have pointed out even that may not be enough to cover the damages when all is said & done.

Target to pay $10 million to victims of data breach - CNET

 

[Cr00zng]

Target got off cheap, even if you add the $6.7M that they paid to the layers. Target has $2.2B cash, the total of ~$17M for the data breach is chump change for them...

 

[Borg 386]

Yeah, and they'll probably write it off as a loss when it comes to tax time.

I see the real winners of this were the lawyers...once again.

 

[Layback Bear]

In the U.S.A. I would recommend watching your income tax returns. Someone else just might file before you with your information and get your tax return and be gone.

 

[Solarstarshines]

My SS has Child support on it lol go ahead make my day and get me out of paying hahahaha

They wouldn't even look at mine they would get nowhere with it

 

[Borg 386]

In the U.S.A. I would recommend watching your income tax returns. Someone else just might file before you with your information and get your tax return and be gone.

Hate to say this, but it's already happening. Some people are finding that their taxes have already been filed & the IRS sent out a check to a fraudulent address.