Hackers had unfettered access to health insurer Premera Blue Cross for nearly 270 days and it took an additional two months before the insurer announced the breach affecting 11 million people.
According to Premera spokesman Eric Earling, the company delayed notification due to the sophisticated nature of the attack and to allow time for them to regain control of its systems from the hackers because, “we were told that such hackers typically engage in malicious activity if an announcement is made before the system is secured.”
The hackers may have been able to access names, dates of birth, social security numbers, bank account information, and clinical information dating back to 2002.
Earling said that the attack was not as serious as the Anthem breach, which resulted in the theft of 80 million records but stated, “in our case they had unauthorized access to our networks, so they potentially had access to different kinds of information. But we have no evidence they removed data or used it inappropriately.”
About 6 million of those affected are in Washington State and are employees of Amazon.com Inc, Microsoft Corp and Starbucks Corp. The rest are spread out across the country in every state. The health insurer announced that it was offering two years of credit monitoring and identity theft support to affected customers.