Petronella Blog Archive


11 Million Medical and Financial Records Compromised


First Target, now Premera Blue Cross.

The health care services giant Premera Blue Cross disclosed a major security breach today that put the financial and medical records of the 11 million customers in its database at risk. Though the company has neither confirmed nor denied it, indications suggest that this could be the state-sponsored work of Chinese spy groups. The attacks began as early as May of 2014, but Premera did not wise up to the breaches until Jan. 29, 2015.

“This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.”

Premera is already in clean-up mode. In addition to mailing affected clients, the company is offering free credit monitoring via Experian. It is also working in tandem with the FBI and the specialized security firm Mandiant to uncover the hackers, though they are not allowed to comment on the case, due to its ongoing nature.

That being said, there are similarities between this crime and an attack on the company Anthem. Like this new case with Premera, Anthem’s breaches started slowly, in April 2014. Anthem was known as Wellpoint until late 2014; the hackers used the web address we11point.com to trick Wellpoint/Anthem employees into sharing their login information. The Premera hackers used prennera.com to obtain the information.

ThreatConnect, a security firm located in VA, made the wellpoint/we11point connection and stated in February that “It is believed that the prennera[.]com domain may have been impersonating the Healthcare provider Premera Blue Cross, where the attackers used the same character replacement technique by replacing the ‘m’ with two ‘n’ characters within the faux domain, the same technique that would be seen five months later with the we11point[.]com command and control infrastructure.”
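A defender can catch this character-replacement trick by undoing the look-alike substitutions and comparing the result against the domains the organization actually owns. The sketch below is an added example, not code from ThreatConnect or Premera; the watch list, the extra substitution pairs beyond "nn" for "m" and "1" for "l", and the sample hostnames are assumptions constructed for illustration.

```python
# Flag hostnames that imitate a protected domain via look-alike characters.

# Assumed watch list, built from the two brands the article names.
PROTECTED = {"premera.com", "wellpoint.com"}

# Attacker form -> intended letter. "nn"->"m" and "1"->"l" are the two cases
# the article describes; the remaining pairs are assumed common variants.
CONFUSABLES = [("nn", "m"), ("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def registrable(host):
    """Lower-case, drop a trailing dot, keep the last two labels.
    Simplification: production code should use the Public Suffix List."""
    labels = host.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain):
    """Collapse look-alike sequences so a spoof and its target compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


# Protected names are reduced the same way, so a brand that itself contains
# "nn" or "0" still matches its own spoofs.
SKELETONS = {skeleton(d): d for d in PROTECTED}


def impersonated_brand(host):
    """Return the protected domain this host imitates, or None."""
    domain = registrable(host)
    if domain in PROTECTED:
        return None  # the genuine domain or one of its subdomains
    return SKELETONS.get(skeleton(domain))


def scan(hosts):
    """Map each suspicious hostname to the brand it imitates."""
    found = ((h, impersonated_brand(h)) for h in hosts)
    return {h: brand for h, brand in found if brand}


# Constructed sample of hostnames as they might appear in proxy or DNS logs.
SAMPLE_HOSTS = ["www.premera.com", "login.prennera.com", "WE11POINT.COM.",
                "mail.example.org", "prernera.com"]

if __name__ == "__main__":
    for host, brand in scan(SAMPLE_HOSTS).items():
        print(f"{host} imitates {brand}")
```

Run against newly observed domains in mail, proxy or DNS logs, a check like this surfaces a spoof the first time an employee's machine touches it. It does not cover Unicode homoglyphs or inserted and dropped characters.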

Cybersecurity is an ongoing concern. Petronella would like to remind its consumers to stay alert and wary about their internet security.