Attacks targeting healthcare-industry data have exposed the information of millions of Americans this year. More than 12 million were added to the tally when hackers accessed Premera BlueCross BlueShield and CareFirst BlueCross BlueShield databases. Paired with a similar attack on Anthem’s healthcare data, more than 90 million individuals may have been impacted. The first attack, announced in March, exposed 11.2 million subscribers and individuals who do business with Premera BlueCross BlueShield. Attackers accessed names, addresses, birth dates, Social Security numbers and bank account info, among other data. Federal auditors had warned the insurer its digital systems were vulnerable 3 weeks before the attack, the Seattle Times reports. A Premera spokesman, Eric Earling, told the Times the audit didn’t necessarily point to vulnerabilities hackers ultimately exploited. “We believe the questions OPM raised in their routine audit are separate from this sophisticated cyberattack,” he told the Times. Premera is Washington state’s largest health-insurance provider, with more than 6 million current and former customers. Hackers accessed information dating back to 2002.2 The breach is the largest on record involving patient medical data. In another hit to BlueCross BlueShield, intruders accessed a CareFirst BCBS database in May, revealing the subscriber information of 1.1 million users, including names, birth dates and email addresses. Password encryption protected Social Security numbers, credit card and financial data, and medical claims. Researchers at cybersecurity firm ThreatConnect Inc. believe a malware campaign led to the breach. Thieves appear to have created domain’s mimicking the insurers’ URLs. This year’s healthcare-industry attacks highlight the need for increased security measures. “In the past, health organizations could do [security] poorly and maybe they would have trouble on a little regulatory issue here or there, but for the most part they could still skate by,” Mike Gentile, executive vice president of innovation and security at Auxilio, told crn.com. “Now, with all the state-funded terrorist attacks and everything that’s occurring, these organizations are really having to implement these things, otherwise they’re being attacked over and over and over again.” Tom Patterson, vice president of security solutions at Unisys, told crn.com health-care records sell for 10 times the value of credit cards, making insurers a prime target for attackers. The information contained in medical records is not only confidential but can also be used to commit insurance fraud, upping its value exponentially. “Medical records paint a really personal picture of somebody’s life and medical procedures,” healthcare security expert Dave Kennedy told the New York Times. “They allow you to perpetrate really in-depth medical fraud.” How to protect yourself If your information was exposed, watch for signs that someone else is using your identity.
- Ask all medical providers what they will charge and what you will pay out-of-pocket. Keep accurate records of all appointments and procedures.
- Review your insurance provider’s benefits statement. Call to clarify if you have any questions.
- Don’t sign blank insurance forms or give blanket authorization to a medical provider for all services.
- Enroll in LifeLock to ensure you have a team behind you to help with your information recovery if indeed your ID has been compromised.
If you believe you’re the victim of a healthcare scam, submit it to tips.fbi.gov or to your local FBI office. Contact Medicare or your health insurance provider if you receive a suspicious bill.