From the company’s website:
On January 29, 2015, Premera Blue Cross (Premera) discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack.
We worked closely with Mandiant, one of the world’s leading cybersecurity firms, to conduct our investigation and to remove the infection created by the attack on our IT systems. Along with steps we took to cleanse our IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of our IT systems moving forward.
This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.
Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.
We recognize this issue can be frustrating and we are taking steps to protect you. We are beginning to mail letters to affected individuals today, March 17, 2015. We are providing two years of free credit monitoring and identity theft protection services through Experian to affected individuals. We also have established a dedicated call center for our members and other affected individuals to contact. The information involved dates back to 2002 and individuals who believe they are affected by this incident but who have not received a letter by April 20, 2015, are encouraged to call 1-800-768-5817, Monday through Friday, between 5:00 a.m. and 8:00 p.m. Pacific Time (closed on U.S. observed holidays).
We sincerely regret the frustration and concern this incident may cause. The security of our members’ personal information is a top priority. More information on this topic, including directions on how to sign-up for credit monitoring and related services is available at www.premeraupdate.com
From Premera:
Attackers gained unauthorized access to our IT systems and may have accessed the personal information of our members, employees and other people we do business with. The privacy and security of our members’ personal information is a top priority for Premera. We value the trust you place in us to keep your personal information secure and we regret the concern that this attack may cause you.
We’re making available two years of free credit monitoring and identity protection services to anyone affected by this incident. As well as providing more information on this site.
From CEO Jeff Roe:
I recognize the frustration that the news of this cyberattack may cause. The privacy and security of our members’ personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward.
We are providing two years of free credit monitoring and identity theft protection services, including identity theft insurance. You can sign up for these services today. All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.
