Another health insurer has been hacked
Premera Blue Cross revealed Tuesday it was the target of a “sophisticated cyberattack” which might have compromised the names, addresses, Social Security Numbers, and other personal information of an estimated 11 million people who have purchased its health insurance.
Premera discovered the breach January 29. It’s thought to have started May 5, 2014, and to have “involved dates back to 2002.” The company says it began contacting its customers via postal mail yesterday — March 17 — and has advised customers who haven’t received a letter by April 20 to call its help line.
This data breach is similar to the February hacking of Anthem, the nation’s second-largest health insurer, which is thought to have compromised the personal data of up to 80 million people.
Anthem is believed to have been hacked by a group sponsored by the Chinese government. A similar group might also be behind the Premera hack, according to independent security journalist Brian Krebs, who previously reported China’s links to the Anthem hack.
Information collected from health insurers is attractive partly because it allows identity theft and fraud. But, if the hacks were sponsored by the Chinese government, the affected data is more likely to be used to conduct phishing attacks on military personnel, government officials, and other high-value targets.
The original hackers aren’t the only ones who can benefit from the data breach, of course. Unaffiliated phishers have already targeted Anthem customers; Premera’s could also be affected in the near future in much the same way. Sadly, this breach will create a cascading series of problems for anyone who has had anything to do with Premera over the last decade.
Premera is offering two years of free credit monitoring and identity theft protection services to affected customers. It is also working with the FBI and the Mandiant security firm to investigate the breach.