Premera Blue Cross is a health insurance organization that was targeted and breached by hacking. Now, after a year, Premera is being sued for failing to prevent the breach as well as the damage caused by the hacking to its users.
Before the hacking took place Premera was warned about a fatal flaw in its security. Premera was informed by multiple federal organizations that this posed a risk to its users and that if action wasn’t taken they would be hacked. A couple weeks after this warning by the organizations Premera was hacked. The hackers had gained access to the organizations network and were able to gain a large amount of personal information including name, address, email address, telephone number, date of birth, Social Security number, member identification number, medical claims information and, bank account information. The exact method of attack was not mentioned in any articles I read but one quote by Caspida hints that it may have been a large-scale nation attack and that the system was not properly protected in the case of users using weak passwords. Premera also faces more legal issues as they had taken months before informing their users had been affected and this is a company that provides service to a large amount of the Pacific north-west. The Premera have not released any documentation about whether or not they had implemented the changes recommend by the federal organizations but from there original audit it was found that Premera was not updating software and that was most likely why the intruders were able to access the system. Hopefully work will be done to correct the issue and prevent other organizations from making the same mistake.