<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- BYC2 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-1106519655083917" data-ad-slot="6959649232" data-ad-format="auto"></ins> <script> undefinedadsbygoogle = window.adsbygoogle || []).pushundefined{}); </script>
Home / Unlabelled / Hack Brief: Health Insurer Excellus Says Attackers Breached 10M Records

Hack Brief: Health Insurer Excellus Says Attackers Breached 10M Records

14:03:00
FEATURED 536028413 first aid medicine doctor health


2015 is quickly becoming the year of the health insurance data breach. The latest company to let hackers pry open its grip on patients’ data: Excellus Blue Cross Blue Shield, with as many as 10 million people’s personal records exposed.

The Hack


Excellus has revealed that in August of this year it discovered a nearly 2-year old intrusion campaign in its network that gave hackers access to potentially all its customers’ records. That data includes names, birth dates, Social Security numbers, mailing addresses, telephone numbers, and a variety of account information including claims and financial payment details. Those financial payment details included some credit card numbers, according to Excellus spokesperson Kevin Cane, though he cautioned that they were “a very small number compared to the total.”

“Safeguarding the privacy of your personal information is a top priority for us, and we make every effort to protect your information,” wrote Excellus CEO Christopher Booth in a statement. “Despite these efforts, Excellus BlueCross BlueShield was targeted in a very sophisticated cyberattack…We sincerely regret the frustration and concern this incident may cause.”

Who’s Affected

Excellus spokesperson Cane confirmed in a phone call with WIRED that between 10 and 10.5 million customers had their data potentially accessed in the breach. Beyond just Excellus itself, the company says that even some of its insurance partners within the Blue Cross Blue Shield network may be affected, accounting for about 3.5 million of those victims. Everyone affected will receive a letter from Excellus, along with two years of free credit monitoring from the company.

How Serious is This?


Excellus’ data includes some of its customers’ most personal information imaginable, revealing not only details like Social Security numbers but even violating the privacy of their medical history. The most immediate concern for victims, however, is financial fraud. Though the company says actual credit card details were breached for only a small number of victims, all of the potentially spilled data could be used in assembling profiles for identity theft.

Excellus says that it did encrypt that sensitive information. But it doesn’t seem to have done so in a way that would prevent hackers from seeing it. Excellus spokesperson Cane told WIRED that because the hackers had gained administrative access to the company’s network, they would be able to circumvent its encryption, likely by accessing decryption keys available to administrators. “The encryption is not even an issue at that point,” Cane said.
READ MORE
Hack Brief: Health Insurer Excellus Says Attackers Breached 10M Records Hack Brief: Health Insurer Excellus Says Attackers Breached 10M Records Reviewed by Utit Ofon on 14:03:00 Rating: 5

Post a Comment

No comments

Subscribe to: Post Comments (Atom)