Boston-based health insurer Premera Blue Cross announced recently that a cyberattack might have exposed medical data and financial information of 11 million customers.
The unauthorized data access was discovered on Jan. 29, but it might have been occurring as far back as May 2014, the company said. Premera said the attackers might have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birthdates, and other data. Premera did not release details on how the hackers gained access.
Unlike some recent HIPAA breaches, including Anthem’s case involving 80 million customers, the Premera breach included health information, the company said. Cybercrime experts say medical records are especially valuable on the black market because they can be used for insurance fraud.
Premera spokesman Eric Earling says there is no apparent link between the Anthem and Premera breaches. Premera identified the breach and reported it to law enforcement, Earling says. The attack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliated brands Vivacity and Connexion Insurance Solutions.