Health insurance company Premera Blue Cross recently announced that hackers breached its systems on May 5, 2014 and stole as many as 11 million applicants’ and members’ personal, financial and medical information.
The breach wasn’t discovered until January 29, 2015.
“We worked closely with Mandiant, one of the world’s leading cybersecurity firms, to conduct our investigation and to remove the infection created by the attack on our IT systems,” the company said in a statement. “Along with steps we took to cleanse our IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of our IT systems moving forward.”
The information potentially exposed, which dates back as far as 2002, includes names, birthdates, email addresses, mailing addresses, phone numbers, Social Security numbers, member ID numbers, bank account information, and claims information, including clinical information.
The email addresses, personal bank account numbers and/or Social Security numbers of individuals who do business with Premera may also have been exposed.
All those affected are being offered two years of free access to credit monitoring and identity theft protection services from Experian.
Investigative reporter Brian Krebs reports that a Chinese cyber-espionage group known as Deep Panda, Axiom, Group 72 and the Shell_Crew, which has also been blamed for the recent Anthem breach, may have been behind the attack.
RedSeal chief evangelist Steve Hultquist told eSecurity Planet by email that the Premera breach serves as a vivid reminder of how difficult it can be to uncover attackers once they’re in your network. “This once again underscores the need to use proactive analysis of every possible ingress and egress pathway to make sure it matches the intended security architecture,” he said.
“Far too often, the network is not as strictly divided into zones as intended, and many times unexpected or rare occurrences can cause network changes that leave the door open to unanticipated access,” Hultquist added. “Only automated analysis of all potential paths allows an organization to assess their real risk of attack.”
And Josh Cannell, malware intelligence analyst at Malwarebytes Labs, suggested by email that companies should look at the Anthem and Premera breaches as examples of what could potentially happen to them. “Some actors are transitioning to target large companies because they have found bigger payouts than going after individuals, and with the countless number of U.S. companies that have been targeted over the past few years, it’s definitely a growing trend,” he said.
“Businesses need their IT administrators to stay abreast of current software vulnerabilities and keep programs patched, as well as provide training to employees on how to spot possible social engineering attacks,” Cannell added. “An effective security strategy will plan for the worst and hope for the best, with that first part being very critical.”
A recent eSecurity Planet article offered 10 tips on how to mitigate data breaches.