Premera Blue Cross, a health plan based in Mountlake Terrace, Wash., has reported a cyberattack on its IT systems that has compromised the data of 11 million customers, employees and business affiliates.
Premera discovered the attack on Jan. 29, and investigations indicate the initial cyberattack occurred on May 5, 2014.
The cyberattack affects Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and the payer's affiliate companies Vivacity and Connexion Insurance Solutions. Additionally, members of other Blue Cross Blue Shield plans who received treatment in Washington or Alaska may be affected, as are individuals who do business with Premera and provided the payer with their email address, personal bank account number or Social Security number, according to Premera.
Compromised information includes member names, birth dates, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, claims information and clinical information.
According to Premera, the investigation indicates no data were removed from the systems, and no evidence indicates any data has been used inappropriately.
"The security of Premera's members' personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause," said Premera CEO Jeff Roe in a statement. "As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."
More articles on data breaches:
12 latest data breaches
UPMC employees' tax returns delayed due to 2014 data breach
Fear of data breaches leads 21% of patients to withhold information from physicians