How Premera Blue's Breach Reveals Weaknesses in Health Care Security
Another big name in health insurance has become the latest victim of a massive cyber attack.
Washington state-based Premera Blue Cross announced a breach earlier this week that could have affected up to 11 million customer records. The records included credit card numbers, Social Security numbers and information about medical problems.
While the attack was just made public, Premera issued a statement saying it discovered the breach on Jan. 29 – around the same time that Anthem was breached. The Anthem breach compromised the information of nearly 80 million people.
It's possible that the attacks were related — done by the same perpetrator. At least that's an educated guess from the cybersecurity company iSight Partners.
Premera also says the attack itself started in May of last year. But iSight found a suspicious domain called "prennera.com," an address that may have been made to spoof Premera's official website. It was created in December 2013.
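The lookalike domain iSight reported swaps the "m" in Premera's name for "nn", a change that a one-character typo check misses. The following added example (not from the original article or from iSight) shows one way a defender could flag such domains in DNS or proxy logs; the confusable table, the function names and the use of premera.com as the protected domain are assumptions, and every sample domain other than prennera.com is constructed.

```python
# Added example: flag domains that imitate a protected domain name.
# Assumed look-alike sequences; extend for your own fonts and brands.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(label):
    """Collapse look-alike character sequences to one canonical form."""
    label = label.lower()
    for seq, canon in CONFUSABLES:
        label = label.replace(seq, canon)
    return label

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Return (label, label.tld). Simplified: a production check should
    use the Public Suffix List to handle suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], parts[0]
    return parts[-2], ".".join(parts[-2:])

def classify(domain, protected="premera.com"):
    """Return 'own', 'tld-variant', 'confusable', 'typo', or None."""
    target_label, target_domain = registrable(protected)
    label, reg = registrable(domain)
    if reg == target_domain:
        return "own"
    if label == target_label:
        return "tld-variant"
    if skeleton(label) == skeleton(target_label):
        return "confusable"
    if edit_distance(label, target_label) <= 1:
        return "typo"
    return None

if __name__ == "__main__":
    # Constructed sample of queried names, except prennera.com (from the article).
    seen = ["www.premera.com", "prennera.com", "mail.prennera.com",
            "premira.com", "premera.net", "example.org"]
    for name in seen:
        print(f"{name:20} {classify(name)}")
```

The edit distance between "prennera" and "premera" is 2, so the confusable normalization is what catches it; the same check can be run against newly registered domain feeds as well as outbound DNS logs.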
“Attackers gained unauthorized access to our IT systems and may have accessed the personal information of our members, employees and other people we do business with. The privacy and security of our members’ personal information is a top priority for Premera. We value the trust you place in us to keep your personal information secure and we regret the concern that this attack may cause you,” stated Premera.
The health plan is cooperating with the FBI in its investigation, and is also working with cybersecurity firm Mandiant "to both investigate the attack and cleanse our IT system of the infection created by that attack."
Moreover, it is offering members two years of free credit monitoring and identity protection services from Experian, and "taking additional steps to strengthen and enhance the security of our IT systems moving forward."
"I recognize the frustration that the news of this cyberattack may cause," said Premera president and CEO Jeff Roe, in a statement. "The privacy and security of our members' personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward."
Security experts say this attack should once again serve as a clarion call: Health care is in the crosshairs.
"While banks and financial institutions are the classic targets, these have been increasingly improving their security for the past five years, and like security professionals always say: attackers will find their way to the next available target on their list," said Shahar Tal, vulnerability research team leader at cybersecurity firm Check Point, in a press statement.
"Providers in this vertical should all heighten their alert status, proactively monitor their infrastructure for suspicious logs, and put protections in place that will prevent them from being the next target," he added.
The Premera breach "once again demonstrates the failure of flawed, outdated assumptions: over-reliance on 'guard the door' entry point security and early technologies such as simplistic single-key encryption schemes is a quaint and dangerous approach to a 21st century problem," added Richard Blech, CEO of Secure Channels, in a statement.
"To be an entrusted safe-keeper of private and sensitive consumer information," he said, "an insurer or provider has to protect said data by encrypting it."