Cyber criminals continue to make their presence known in the healthcare industry. This time, their target was Premera Blue Cross. As first reported by the Wall Street Journal, hackers gained access to medical records and other personal data of the 1.8 million Premera Blue Cross health plan members in Washington State and Alaska as well as individuals who conducted business with the company. The data breach was first detected on January 29, 2015; the same day that Anthem detected a breach impacting nearly 80 million records. However, unlike the Anthem cyberattack, hackers involved in the Premera data breach have another means of generating revenue through stolen medical claims information.
According to a statement from Premera, a “sophisticated attack” initially occurred on May 15, 2014, but was not detected until January 29, 2015. During that time, attackers inside the company’s network had access to names, birth dates, addresses, telephone numbers, email addresses, Social Security numbers, member identification numbers, medical claims information and other financial information. The data that hackers accessed goes back to 2002.
As HOSTING CISO Johan Hybinette explained in his blog post, Safeguarding Your Protected Health Information, hackers have numerous ways in which they can benefit from stolen protected health information (PHI) including illegal access to prescription drugs and the ability to file fraudulent medical claims. The addition of medical claims information offers hackers the opportunity to blackmail individuals who may not want that information to be made public.
Organizations typically call in law enforcement agencies when criminals attempt to blackmail them. However, criminals are more successful at extracting money from individuals who want to keep sensitive health information private. Hackers can search for sensitive clinical data such as poor test results, and email patients threatening to make that information public unless they pay to them to not expose it. While there have been no reports that such a scenario has occurred as a result of the Premera attack, security experts have seen this type of blackmail in cases involving hacked executive email accounts.
Premera said that they had notified the FBI as part of their investigation. They are also working with Mandiant, the same cybersecurity firm hired by Anthem. Affected individuals will receive letters in the mail from Premera, notifying them of the breach. The insurer said it will not email affected individuals and encouraged those people to be on the lookout for spam and phishing emails claiming to be from Premera. Individuals affected by the breach will receive two years of free credit monitoring and identity theft protection services through Experian.
Concerned about safeguarding your customers’ PHI? The HOSTING team of information security and compliance experts stands ready to help. Contact us anytime with your questions and concerns, and to learn more about the HOSTING Security Assessment. And view our on-demand webinar, The Changing Compliance Landscape for more information on HOSTING Security and Compliance Services that are custom-built for healthcare organizations.