New York Health Insurer’s Security Hack Risks 10 Million Records

A New York based, nonprofit health insurance company, Excellus BlueCross BlueShield had declared on Wednesday
(September 09) that cyber attackers have breached its Information Technology
(IT) systems which had exposed the information for as many as 10 million
of its clients nationwide. People who have been affected include 7 million
Excellus members and 3.5 million members under the affiliate Lifetime
Healthcare Companies.

According to the Security experts health care companies tend to contain
large amount of data of users regarding their personal information which is why
they are increasingly becoming the target of hackers.
The company believes that the attackers may have gained unauthorized
access to information of individuals’ names, dates of birth, Social Security
numbers, mailing addresses, telephone numbers, member identification numbers,
financial account information and claims information.
Apart from this, the hackers might have
got hold of
most personal information, revealing not only financial
details but even violating the privacy of their medical history.

The
insurance company had discovered the first
cyber breach that gave hackers the potential to access the records of its users
in August 2015.
According to Spokesman of Excellus, Kevin Kane, the
company had hired cyber security firm ‘Mandiant’ to conduct a forensic review
of its computer system, seeing the rise in attacks. The security firm found evidence
of cyber break-ins dating back to Dec. 23, 2013 after which the Federal Bureau
of Investigation was called in to notify the customers.
Though, the company has found no data leaving the
insurer’s systems till now nor is there evidence that the compromised data has
been used fraudulently, but it plans to
offer two years of free identity theft
protection service from risk-mitigation and investigation to the affected
users.
A Professor at the New
York based 
University
at Buffalo
 and an expert on cyber deception and
information technology, Arun Vishwanath
said that health care breaches
are more harmful as they impact insurer’s
“vendors, physician offices connecting to them, and accessible affiliates all
over the country,”

In 2015, Ponemon
Institute in Michigan declared
a report stating that criminal cyber attacks on the
US health sector had increased 
125% since
2010.

The report also stated that the healthcare organizations lacked resource, process and technology to
prevent and detect attacks or protect the data, despite holding abundance of
personal information of its users which has become the reason of increasing
cyber attacks on them.
There has been a string of attacks on
the health insurance industry in the past year.
The breach on Excellus came six months
after a breach at Washington’s ‘
Premera Blue Cross’ which had
exposed the records of 11 million customers and seven months after a breach
at ‘Anthem’ that disclosed up
to 80 million records.
Earlier, UCLA Health
System
and CareFirst were also breached of their security, risking their
customer’s details.

Leave a Reply