New York Health Insurer's Security Hack Risks 10 Million Records

A New York based, nonprofit health insurance company, Excellus BlueCross BlueShield had declared on Wednesday (September 09) that cyber attackers have breached its Information Technology (IT) systems which had exposed the information for as many as 10 million of its clients nationwide. People who have been affected include 7 million Excellus members and 3.5 million members under the affiliate Lifetime Healthcare Companies.

According to the Security experts health care companies tend to contain large amount of data of users regarding their personal information which is why they are increasingly becoming the target of hackers.

The company believes that the attackers may have gained unauthorized access to information of individuals' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.

Apart from this, the hackers might have got hold of most personal information, revealing not only financial details but even violating the privacy of their medical history.

The insurance company had discovered the first cyber breach that gave hackers the potential to access the records of its users in August 2015.

According to Spokesman of Excellus, Kevin Kane, the company had hired cyber security firm ‘Mandiant’ to conduct a forensic review of its computer system, seeing the rise in attacks. The security firm found evidence of cyber break-ins dating back to Dec. 23, 2013 after which the Federal Bureau of Investigation was called in to notify the customers.

Though, the company has found no data leaving the insurer's systems till now nor is there evidence that the compromised data has been used fraudulently, but it plans to offer two years of free identity theft protection service from risk-mitigation and investigation to the affected users.

A Professor at the New York based University at Buffalo and an expert on cyber deception and information technology, Arun Vishwanath said that health care breaches are more harmful as they impact insurer’s “vendors, physician offices connecting to them, and accessible affiliates all over the country,"

In 2015, Ponemon Institute in Michigan declared a report stating that criminal cyber attacks on the US health sector had increased 125% since 2010.

The report also stated that the healthcare organizations lacked resource, process and technology to prevent and detect attacks or protect the data, despite holding abundance of personal information of its users which has become the reason of increasing cyber attacks on them.

There has been a string of attacks on the health insurance industry in the past year.

The breach on Excellus came six months after a breach at Washington's ‘Premera Blue Cross’ which had exposed the records of 11 million customers and seven months after a breach at ‘Anthem’ that disclosed up to 80 million records.

Earlier, UCLA Health System and CareFirst were also breached of their security, risking their customer’s details.