Excellus BlueCross BlueShield announced on Wednesday that its computer systems and the systems of its affiliates have been breached in a major cyberattack, which the Democrat and Chronicle has called “the biggest known computer hack in local history.”
The Rochester-based health insurance company stated that more than 10 million people were likely affected when cyberhackers infiltrated the computer systems. According to the Rochester Business Journal, this compromised data includes names, addresses, phone numbers, financial information, Social Security numbers, and in some cases, “sensitive medical information.”
Officials from Lifetime Healthcare, the parent company of Excellus, announced on Wednesday afternoon that the company detected unauthorized access to its IT systems on Wednesday, August 5; however, the breach seems to have been ongoing and undetected for the past 19 months.
Excellus BlueCross BlueShield and Lifetime Healthcare notified the FBI immediately, and both companies have been cooperating fully with federal investigators in order to close vulnerabilities which allowed hackers to infiltrate the system. The companies have also begun mailing letters to all people possibly affected in the breach.
Excellus spokesman Jim Redmond stated that the companies are not entirely sure whether any personal information was actually stolen, but because the hackers had unauthorized access to this information, Excellus is offering two years of free credit monitoring and identify theft protection services for all affected individuals.
According to Reuters, Excellus and its affiliates provide health insurance services to individuals in 31 Upstate NY counties in the Rochester and Buffalo regions. It’s estimated that seven million Excellus customers were possibly targeted in the breach, while an additional 3.5 million Lifetime Healthcare customers were targeted as well.
According to the DandC, this incident appears to be part of a nationwide trend involving cyberattacks that have targeted BlueCross affiliates over the past two years. The latest data from 2013 shows that approximately 43% of U.S. businesses were involved in a data breach in just that year, and healthcare-related businesses have increasingly become prime targets for major cyberattacks.
Officials announced that any companies and individuals who do business with the following services should be aware that their personal information was possibly compromised in the latest attack:
- Excellus BlueCross BlueShield
- Lifetime Benefit Solutions
- Lifetime Care
- Lifetime Health Medical Group
- the MedAmerica Cos.
- Univera Healthcare
“Protecting personal information is one of our top priorities and we take this issue very seriously,” said Christopher Booth, CEO of Excellus BlueCross BlueShield, in an official statement. “We’re making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information.”