Premera Blue Cross cyberattack affected 11 million people’s records

Reuters/Jim Urquhart
Health insurance company Premera Blue Cross said the FBI is helping investigate a January cyberattack that may have captured personal information for 11 million people, including bank account information and Social Security numbers.

The company said it had been a victim of a “sophisticated” cyberattack in which its systems and databases were breached, and attackers may have also captured sensitive data on people’s claims and clinical information. The Washington-based company serves millions of customers across Washington, Oregon, Alaska and other states.

As many as 11 million people were affected by the breach, including members and prospective members of our services and associated brands,” said the company in a statement.

READ MORE:Automakers stumped: Report says hackers can hijack almost any car

A slew of personal information of members and applicants was taken, including names, dates of birth, email and postal addresses, phone numbers, Society Security numbers and bank account information.

We also have no evidence to date that such data has been used inappropriately,” said the company.

The insurer discovered the attack on January 29 but said the initial attack began earlier on May 5, 2014, when hackers gained unauthorized access to the company’s information technology systems.

READ MORE:Sony hack prompts Congress, White House to back cyber bills

Premera said it has notified the FBI and is coordinating with its investigation into the attack.

The privacy and security of our members’ personal information is a top priority for us. As much as possible, we want to make this event our burden,” said Jeff Roe, President and CEO of Premera.

The company is offering clients two years of free credit monitoring and identity protection services to anyone affected by the hack.

Cyberattacks have occurred at other healthcare systems companies. At the same time as the hack on Premera, the Anthem health insurance company had a breach were around 80 million customer records were stolen. An Anthem services operator, Community Health Systems, was also hacked and 19 million non-customer records were accessed, but the companies believe attackers did not have access to medical information.