Rochester, NY – Excellus BlueCross BlueShield, a healthcare company with its base located in Rochester, New York, recently reported its largest intrusion into their IT system, affecting more than 10 million of the company’s users. The attack was said to have granted the hackers the affected user’s names, date of birth, social security numbers, mailing addresses, telephone numbers, member I.D. numbers and more. This attack in the health care company’s system is now ranked within the top 20 worst healthcare breaches of all time.
In order for Excellus to cope with their affected users, management is mailing out letters to each of the individuals and offering two years of free identity theft protection services sponsored by Kroll and TransUnion. They also set up a website, excellusfacts.com, for more information concerning the breach and how to get protection services.
The company has started to cooperate with the FBI to learn more about the hack. The hackers are still unnoticed. More surprising is the discovery that the initial intrusion was in December of 2013 where it wasn’t noticed until this August. The hackers are not known to have used any of the information they gathered from the attack.
What this attack shows, and from other attacks on healthcare companies from 2015, is that there is a new target for hackers. In the past, hackers have been more likely to focus on retail companies such as Target and Home Depot. Studies show that cyber attacks on healthcare companies are up 125% since 2010. An attack on healthcare companies like Excellus can grant the hacker more personal information of the individual such as social security numbers and billing information. Stolen health credentials can actually be sold for $10 each, which is 10 times more than what a hacker could get for a credit card number. There is also the problem where hospitals are not as digitally secured as most other large businesses, who most likely hire cyber security experts to defend the network. Tim Liu, CTO of next-gen firewall firm Hillstone Networks stated his reaction to the system breach saying “It’s proof positive how a single security penetration can disrupt the lives of millions of people…organizations need to go beyond traditional security measures and adopt a more aggressive, proactive approach to cybersecurity with continuous monitoring, increased visibility and other safeguards…”. This large attack on Excellus and the mass increase of healthcare hacks in 2015 is just the beginning of a new era of hacking, where the hacker’s goal is is to gain access to your personal medical records in order to make a profit for themselves and a loss for you.