The cyberattack on Premera Blue Cross, which shares IT systems with LifeWise Health Plan of Oregon, threatens 11 million customers.
BY JACOB PALMER | DIGITAL NEWS EDITOR
The cyberattack on Premera Blue Cross, which shares IT systems with LifeWise Health Plan of Oregon, threatens about 11 million customers.
The cyberattack started as early as last May and breached information going back to 2002, the Portland Business Journal reports.
Medical records can be sold on underground criminal exchanges and can be used to engage in insurance fraud, the [New York] Times reported. [Health care security expert Dave Kennedy] referred Oregon customers to Lifewiseupdate.com for information on the attack and to access two years of free credit monitoring and identity protection services to anyone affected by the incident.
A message on the site reads in part: “Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, address, telephone number, email address, Social Security number, member identification number, bank account information, and claims information, including clinical information.
“The security of LifeWise’s members’ personal information remains a top priority. We at LifeWise take this issue seriously and sincerely regret the concern it may cause,” said LifeWise spokesman Jeff Roe in a Portland Tribune story.
Premera said it is taking additional steps to ensure its data is not vulnerable to attacks again, the Seattle Times reports.
Eric Earling, vice president of corporate communications at Premera, said the company waited to announce the breach because it was advised to cleanse and secure the IT systems beforehand.
“We completely recognize the frustration and concern it can cause to know there may have been unauthorized access to information,” Earling said. “But there is no evidence that information was actually taken.”
Meanwhile, in Central Oregon, Redmond-based Advantage Dental — which serves low-income patients — was targeted by hackers, putting 151,000 customers at risk.
Names, Social Security numbers, birthdays and contact information were all accessed by the cyber-intruders, the Bend Bulletin reported Monday.
Jeff Dover, Advantage’s compliance manager, said the theft occurred when malware gained access to an Advantage employee’s computer and obtained a username and password that allows access to the membership database, which is separate from the database that contains financial and treatment information. All Advantage computers are equipped with anti-virus software, but sometimes software does not detect new variations of a virus, he said.
“Unfortunately this happened,” he said. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”
The information was stolen in late February over a three-day span.