Excellus BlueCross BlueShield in New York is the latest health insurer to suffer a major cyber attack, this one affecting up to 10 million individuals.

The Blues plan on August 5 learned of the attack; as with other similar attacks the investigation found that intruders had accessed the network considerably earlier with the initial attack on December 23, 2013.

Cybersecurity firm Mandiant worked with the plan to investigate the hack and remediate vulnerabilities. The FBI is investigating. Compromised data includes names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information, according to Excellus.

“This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS,” the company says in its formal announcement. “Individuals who do business with us and provided use with their financial account information or Social Security number are also affected.”

To date, the investigation has not indicated that data was removed from Excellus systems or has been used inappropriately. The company is offering affected individuals two years of free credit monitoring and identity theft protection through Kroll Inc. The mailing of notification letters began on September 9.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access