Not If, But When: Another Health Insurer Hacked

Posted by

This post first appeared on Goldberg Segalla’s Insurance & Reinsurance Report blog.

In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus BlueCross BlueShield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack.

Hackers took information on approximately 10 millions customers including seven million from Excellus and three million from associated entities. Company IT officials first discovered the intrusion on August 5, 2015 and found that the initial attack took towards the end of December in 2013.

According to a news release, hackers may have gained access to the following types of information: name, address, telephone number, date of birth, Social Security number, member identification number, financial account information, claims information and, in some instances, clinical information. Affected customers are being offered two years of free credit monitoring.

While this is not the largest data breach of a health insurance company, it is the largest for Western New York, especially centered on Rochester and the Finger Lakes region. Furthermore, it is the latest in a string of cyber attacks of health insurance companies including one at Anthem BlueCross BlueShield that resulted in a breach of data for 79 million customers.

Data breaches are the new normal. It is not a question of if, but when the next one will occur. Every company should ensure it is doing everything it can to protect the data it has and have a robust response plan for when the hackers strike.