Excellus Blue Cross Blue Shield, a local Rochester based health insurance provider that operates in Central and Western New York State has learned of a major breach within their system. According to the Excellus website, they insure about 7 million customers and patients, but over 10 million people were affected because the breach also included associates Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies, and Univera.
It has been found that there was unauthorized access to Excellus’ IT systems as early as December 2013 and it is estimated that 10.5 million records have been compromised. With help from Mandiant, a cyber-security firm, it was found that names, birth-dates, Social Security numbers, addresses, phone numbers, member id numbers, financial information and even medical records were affected. However, it has not yet been determined if this information was removed from the Excellus systems, and there have been no reports of any of this information being used in any malicious or inappropriate way.
Executives from Exellus stated that their data was encrypted but hackers gained unauthorized administrative access to their systems, allowing them to access the data. On the home page of the Excellus website as well as all of it’s affected associates’, a notice appears giving information about the recent cyber attack. Excellus is offering free identity protection to all who are affected, and the FBI is currently investigating this attack.
Excellus Website: https://www.excellusbcbs.com/wps/portal/xl/
Article on SC Magazine: http://www.scmagazine.com/excellus-bluecross-blueshield-announces-breach-105m-records-at-risk/article/437651/