With sports-related injuries alone costing $33 billion dollars each year, it’s no secret that the healthcare system in the United States is expensive. But for 10 million insurance members, it could cost more than just dollar signs. A recent data breach has leaked the personal information of 10 million Excellus BlueCross BlueShield members, going back to 2013.
This is not the first cyberattack on an insurance provider that has left member information unsafe, and it has many asking how insurance companies plan to protect them in the future.
So far, there isn’t any evidence of member information being used maliciously, but with the information of 10 million people unsecure, many are on edge. Excellus has stressed that there hasn’t been any damage done so far, but many argue that the hackers may wait to use the information they’ve obtained.
“The investigation has not determined that any such data was removed from our systems and there is no evidence to date that any data has been used inappropriately,” Jim Redmond, spokesman for Excellus, explained.
Excellus found the attack on August 5 and immediately brought in security experts to check their system and assess damages. They had their system checked for vulnerabilities, due to other attacks on insurance companies recently. Once this was done, they looked deeper to find out when the attack began.
Their investigation leads them to believe that the attack began in December 2013, which was when hackers first got access, and they have had access ever since. To illustrate their commitment to solving the issue, Excellus brought in the FBI to find out whether or not the hack was carried out by an individual or group.
“The FBI is investigating a cyber intrusion involving Lifetime Healthcare Companies, which include Excellus BlueCross BlueShield, and will work with the firms to determine the nature and scope of the matter,” the FBI confirmed in a statement.
Excellus has members in more than 30 counties in New York State, and has especially high member volumes in Rochester and Buffalo.
For Excellus members who believe they may be victims of this hack, the FBI advises them to “take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center.”