Premera Blue Cross cyberattack affects 11M Americans, including Alaskans

Premera Blue Cross announced Tuesday that it was the target of a "sophisticated cyberattack" last year that affected 11 million people in the United States, including Alaskans who have received health insurance coverage through Premera Blue Cross Blue Shield of Alaska dating all the way back to 2002.

Attackers may have gained unauthorized access to members' information, including names, birthdates, Social Security numbers, mailing addresses, email addresses, telephone numbers and bank account numbers, among other information, the company wrote in a release.

Premera Blue Cross set up the website Premeraupdate.com, where people can enroll in free credit monitoring and identity theft protection for two years.

"To anyone who believes they're affected, they can go sign up today, and we encourage them to do so," said Premera vice president of communications Eric Earling.

The attack on Premera's information technology systems occurred nearly a year ago, on May 5, 2014, and was discovered Jan. 29, the company wrote in a release. The attack affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Solutions, Inc.

Premera waited to make an announcement until March 17 on the advice of law enforcement and cyber security experts, Earling said, as the company had to secure its IT systems.

Announcing the breach to the public beforehand "would have put personal information at greater risk," Earling said, as cyber attackers are "inclined to more malicious activity" once an attack is made public.

ADVERTISEMENT

Premera worked with the FBI and Mandiant security consulting services to complete a "comprehensive investigation" and secure and cleanse its IT system.

The attack affected 11 million current and former members nationwide. The company has never been the subject of a cyberattack of this scale, Earling said.

Current membership in Alaska is 110,000 people, Earling said, but anyone who had coverage between 2002 to today may have been affected.

There was no evidence that data was removed from the system or has been used inappropriately, according to Earling. He declined to comment on the specifics of the attack, citing an ongoing FBI investigation.

The company began mailing letters to the 11 million affected people on Tuesday.

This attack was separate from an incident in early February where health insurance company Anthem was attacked, Earling said.

Laurel Andrews

Laurel Andrews was a reporter for the Anchorage Daily News, Alaska Dispatch News and Alaska Dispatch. She left the ADN in October 2018.

ADVERTISEMENT