Excellus BlueCross BlueShield and its parent company, Lifetime Healthcare, announced today that they were hacked and that the information of 10.5M customers has been compromised. The vulnerability was discovered when Excellus hired the cybersecurity firm FireEye, Inc. to investigate. This news comes after Anthem and Premera BlueCross BlueShield announced they were hacked earlier this year.
Here’s a roundup of the top 5 things you need to know about the breach so far.
1) The stolen Excellus data is highly sensitive
Like any other healthcare company, Excellus carries medical records in its database, which are extremely valuable to a hacker – up to 10x more valuable than a credit card. The stolen Excellus data could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.
2) It took Excellus 19 months to discover the breach
The initial hack of the Excellus systems occurred on December 23, 2013, but it wasn’t discovered until August 5, 2015. The delay in discovering the breach is very concerning and should encourage all other healthcare companies to take a close look at how they’re handling cybersecurity – both prevention and detection.
3) The breach affects primarily Excellus customers in upstate New York
Assuming the breach numbers don’t rise, the victims of the attack reside mostly in the upstate New York area, which is where Excellus, a BlueCross BlueShield affiliate, is located.
4) How to know if you are affected
If you are an Excellus or Lifetime customer and you were affected, you may receive a letter in the coming days with an offer for two years of identity-theft protection. If you are concerned that you were affected, you should contact one of the major credit reporting agencies (such as Equifax) and place a free credit alert on your file. Do not open any emails that claim to be from Excellus or Lifetime – hackers have been known to use a method called phishing to steal financial or other personal information. Wait for the letter to come in the mail.
5) Healthcare data breaches are an epidemic
The records compromised in the Excellus breach have been reported at 10.5M, which makes this a top 20 healthcare data breach. The state of cybersecurity in healthcare is becoming increasingly worrying, as there have been 18 reported breaches so far this year, according to the Privacy Rights Clearinghouse. A recent survey found that the vast majority of healthcare organizations have had their networks compromised in a cyberattack – 81% to be exact.
As we’ve said many times before, we are in a cyberwar and healthcare organizations are one of the primary targets. It’s imperative that the healthcare sector take preventive and proactive measures to bolster the security processes and systems that safeguard its digital assets.