Premera security breach exposes 11 million customers

Millions of Premera customers are finding out their insurer was hit by a huge cyber attack. But the company says it has no evidence any data was removed from its system. Elisa Hahn reports.

SEATTLE – Millions of Premera customers are finding out their insurer was hit by a huge cyberattack. But the company says it has no evidence any data was removed from its system.

Premera, based in Mountlake Terrace, announced Tuesday the security breach impacts its 11 million customers, including customers dating back to 2002.

The insurer said an investigation revealed the initial malware attack happened on May 5, 2014, and went undetected until January 29, 2015.

Eric Earling, vice president of corporate communications, says they had good reason not going public with the breach until now.

"[We had to] make sure the IT systems are secured and protected before an announcement is made," said Earling. "We were advised that these type of cyber attackers will engage in even more malicious activity if you make an announcement before you secure IT systems."

Cyber security expert Bryan Seely, of Seely Security, says a breach with a health insurer is far worse than someone stealing your credit card number.

"You're definitely in a different world of hurt," said Seely. "You have now socials, private information, and that stuff can't be reissued. They can't just issue a new social security number and date of birth."

Premera admits hackers could have accessed names, addresses, dates of birth, Social Security numbers, bank information and clinical information. That information dates back as far as 2002.

The insurer said that while the attackers may have gained access, there is no evidence thus far that any of the data has been used illegally.

Premera is sending out letters to its customers, offering two years of free credit monitoring and identity theft protection services to those affected. A call center is also being set up. More information can be found at its website, www.premeraupdate.com

The company said it is working with the FBI and the cybersecurity firm Mandiant to investigate the attack and fix the problem.

"I'm very concerned about this and other data breaches that put Washingtonians at risk," Washington Attorney General Bob Ferguson said in a statement. "My team is looking into what happened, and we will do everything we can to protect consumers."

The attack affects Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc.

KING 5's Elisa Hahn contributed to this report.


JOIN THE CONVERSATION

To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment