UPDATED: Data breach at Premera/Blue Cross may affect thousands in Washington

The breach was discovered Jan. 29, 2015, and Premera has determined that the breach was the result of a May 5, 2014, cyberattack.

By Dean Radford • March 17, 2015 4:24 pm

Premera Blue Cross’s computer systems were hacked in early May 2014, potentially allowing access to personal information of about 11 million members and applicants, the company announced Tuesday.

The information could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information.

“The investigation has not determined that any such data was removed from our systems,” according to a Premera press release. “We also have no evidence to date that such data has been used inappropriately.”

Affected are individuals in Washington, Oregon and Alaska.

Premera discovered on Jan. 29 that cyberattackers had executed a sophisticated attack on May 5, 2014, to gain unauthorized access to its Information Technology (IT) systems, according to the news release.

The cyberattack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also affected were  members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska, according to Premera.

Premera notified the FBI and is coordinating with the bureau’s investigation.

Premera worked with Mandiant, one of the world’s leading cybersecurity firms, to conduct its investigation and to remove the infection created by the attack on its IT systems, according to the release.

Premera is mailing letters to affected individuals. It is providing  two years of free credit monitoring and identity theft protection services through Experian to affected individuals.

Members and affected individuals can contact a dedicated call center for assistance.

The information involved dates back to 2002 and individuals who believe they are affected by this incident but who have not received a letter by April 20, are encouraged to call 1-800-768-5817, Monday through Friday, between 5 a.m. and 8 p.m. Pacific Time (closed on U.S. observed holidays).

More information, including directions on how to sign up for credit monitoring and related services, is available at www.premeraupdate.com.

The Legislature is currently considering attorney general-request legislation to strengthen notification requirements when data breaches occur, according to a press release from the Attorney General’s Office.

HB 1078 passed the House March 4 and is now before the state Senate.

For more information on how to protect yourself from identity theft and how to recover, visit www.atg.wa.gov/identity-theftprivacy.