Premera Blue Cross said Tuesday its computer network had been hacked, potentially exposing data from 11 million people, in the second recent such attack on a major US health insurer.
Premera said in a statement it discovered on January 29 “that cyberattackers had executed a sophisticated attack” to get into its computer network.
An investigation found that the initial attack occurred on May 5, 2014. The company said hackers may have been able to access members’ name, dates of birth, social security numbers, email addresses, bank account data and medical claims information.
Including customers and contractors, the total number of people affected could be 11 million, Premera said.
The announcement by Premera came six weeks after a similar disclosure from Anthem Blue Cross, which said as many as 80 million customer records may have been compromised.
Premera said it was working with the FBI and the private security firm Mandiant “to conduct a comprehensive investigation of the incident and to remove the infection created by the attack.”
“The security of Premera’s members’ personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause,” said Premera chief executive Jeff Roe.
“As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people’s information.”
Last year, US retailer Home Depot said 53 million email addresses were stolen, months after fellow retailer Target said the personal data of 70 million customers was accessed.
Reports last month said China may have been behind the Anthem hack, a claim that was denied by Beijing.
Some experts say medical data can be even more lucrative to hackers than credit cards because they can create fake identities for other frauds schemes.
Premera manages health insurance under the Blue Cross name for customers in the northwest United States.