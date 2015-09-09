Sept 9 Upstate New York health insurer Excellus
BlueCross BlueShield on Wednesday said its computer systems and
those at affiliates had been breached, exposing data from more
than 10 million members, in the latest case to show the industry
is still struggling to ward off hackers.
The Rochester-based insurer said it and its affiliates had
been the target of a sophisticated cyber attack and that it was
taking steps to address the situation and offering free identity
theft protection services to those affected.
Excellus said it learned of the cyber attack on Aug. 5 from
experts it had hired to perform a forensic assessment of its
computer systems following hacking attacks on other health
insurers. A subsequent investigation found that the initial hack
occurred in December of 2013.
"We are taking additional actions to strengthen and enhance
the security of our IT systems moving forward," the company said
in a notice posted on its website.
Attackers may have gained access to members' information,
including names, date of birth, Social Security number, mailing
address, telephone number, member identification number,
financial account information and claims information, the
company said.
"The investigation has not determined that any such data was
removed from our systems and there is no evidence to date that
any data has been used inappropriately," Excellus spokesman Jim
Redmond said.
Excellus and its affiliates serve people in 31 upstate New
York counties and the Buffalo and Rochester markets. Excellus
said 7 million of its members may have been affected, as well as
another 3.5 million individuals served by affiliated Lifetime
Healthcare Companies.
"The FBI is investigating a cyber intrusion involving
Lifetime Healthcare Companies, which include Excellus BlueCross
BlueShield, and will work with the firms to determine the nature
and scope of the matter," the FBI confirmed in an emailed
statement.
"Individuals contacted by the companies should take steps to
monitor and safeguard their personally identifiable information
and report any suspected instances of identity theft to the
FBI's Internet Crime Complaint Center," it added.
Earlier this year, Anthem Inc, the second-largest
U.S. health insurer, said it was the victim of a massive cyber
attack in which records of nearly 79 million customers had been
accessed.
(Reporting by Bill Berkrot and Nate Raymond, Editing by Ken
Wills)