On Tuesday, Mountlake Terrace, Wash.-based Premera Blue Cross reported a cyberattack on its IT systems that affected 11 million members, employees and business affiliates.
Report of this data breach, which occurred May 5, 2014, comes approximately six weeks after Indianapolis-based Anthem reported a cyberattack on its own servers that affected approximately 80 million former and current customers and employees.
Here, industry experts offer preliminary analysis on the incident.
Christopher Budd, Global Threat Communications Manager, Trend Micro: Some data has been lost for 10 months and it's been nearly three months since the attack was discovered. This means that the people behind it have a head start…. We can expect they will try to sell or use this information as soon as possible now that the breach has been discovered. They realize that the stolen data now has a limited shelf life and they will be desperate to maximize their gains while they still can.
Cris Thomas, Strategist, Tenable Network Security: There are not a lot of details on this breach as to who might be responsible, but in the end the "who" doesn't really matter, as security practitioners are much more interested in the how. The timing is interesting, as it would appear to have occurred at the same time as the recent Anthem breach. One thing for certain — assuming this was a breach for monetary gain — is that as it gets harder to monetize credit card details, attackers are turning to medical files as a way to commit insurance and Medicare fraud to turn their online activities into cash.
Ken Westin, Security Analyst, Tripwire: When the Anthem breach hit, many in the security industry were well aware they were not alone. Organized criminal syndicates targeting this type of data don't target one organization — they target an entire industry. Many of the vulnerabilities or security lapses found in one organization are likely to appear in multiple organizations in that same industry. The Premera breach could be much worse for those who are victims as it includes not just information to commit credit fraud, but also medical fraud and potentially sensitive information about medical conditions.
The fact the breach went undiscovered for seven months indicates that the institution did not have proper detective controls in place to identify that an attacker was inside the network. The fact both Anthem and Premera discovered the breaches on the same day indicates to me that it was law enforcement that tipped them off to the data being compromised, and I believe we will see other organizations that were also breached during this time frame.
TK Keanini, CTO, Lancope: If you are an organization like this, it is not a matter of being breached — you are likely already compromised and just don't know it yet. Attackers are able to operate for months before being detected, and this will continue until organizations architect in a way leaving attackers nowhere to hide.
Trent Telford, CEO, Covata: We are exposing extremely valuable and highly personal data to cyber criminals because we are not encrypting the data itself — only securing the networks they reside and travel on. (As told to SC Magazine.)