Premera Blue Cross is sick after hackers plunder their servers

Health insurance firm Premera Blue Cross has admitted that it has become the latest victim of data theft after hackers targeted its IT department's servers in what's been dubbed a "sophisticated attack". On May 5 last year online hackers successfully penetrated Premera's defenses and cracked servers containing personal, …

  1. Mark 85 Silver badge

    Two Blues now...

    I'm wondering if there's a common entrance point. The Blues are an association and do trade information relating to claims etc. by people not in their home state due to vacations and business. Both cases had long times between the bad guys entering and then IT finding out they were there.

    I also wonder if some of this isn't an inside job as the Blues seem to be very heavy into contractors doing IT work.

  2. dan1980

    What these and other similar attacks show is that it doesn't matter what a company's privacy policy is* - if the data is there, it is vulnerable to a dedicated attack. And, the more data that is stored in one place and the more valuable that is, the more likely an attack is to happen and the more dedicated it will be when it does.

    There are undoubted benefits to all the e-health systems our governments are proposing and/or have implemented and there are documented cases of deaths that could have been prevented if doctors and surgeons and nurses had quick, easy access to this information. But, those benefits do not come without risk and the biggest risk is that the information will be stolen. Indeed it's a near-certainty that it will get out.

    So, keep as little as possible and encrypt EVERYTHING as much as feasible. And store stuff separately - bank details should never be anywhere near medical claims records.

    * - In the context.

  3. Just An Engineer

    A Sophisticated Attack

    This was a sophisticated attack. That is always the response when an American company gets its data stolen. Yep sophisticated alright, open this email attachment so I can deposit this Trojan on your desktop, then I will track your key strokes and grab your system password. There was probably someone sitting outside the building with an unsuspecting user's password and jumping on the company's unsecured wireless network.

    Is it just me or does this happen more in the US than anywhere else, or do we just do it bigger in the US of A, and how did this go undetected for 8 months? There needs to be a REAL penalty for these A$$hats so if your security is so lax nearly any fool can access your systems and steal the IDs of now more than 100 million customers. There needs to be a corporate death penalty for crap like this. There is NO excuse.

    1. Anonymous Coward

      Re: A Sophisticated Attack

      With billions of dollars from the Health Care sector being spent on lobbying Washington...

      ... how keen do you think those politicians are to impose financial penalties against them? They are not going to bite the hand that feeds them. It's only Joe Public being fucked over, and who in government gives a shit about them.

  4. Anonymous Coward

    Now Premera is saying that the information was only "viewed"

    But that no data was "removed". Still, it's simple to copy anything you can view and put it in another program.

    How is an attack defined – what does this mean?

    An “attack” means no data was removed from Premera’s database, but data could have been viewed. A “breach” means data was removed from a database and this attack is not classified as a “breach”.

    Whose data was impacted by this attack?

    Premera does not know specifically at this time whose data may have been viewed and they are beginning to send letters to members today regarding the attack. The website will be updated as additional information becomes available.

  5. Down not across Silver badge

    The privacy and security of our members' personal information is a top priority for us

    "The privacy and security of our members' personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward."

    Roe said that the firm was offering two year credit and identity protection for those affected by the breach via Experian.

    If it is such a top priority why don't you provide the credit and identity protection for life rather than measly two years?

    As for the breach of clinical information, that could cause irreparable damage to the client well beyond any credit or identity issues.

    1. Anonymous Coward

      Re: The privacy and security of our members' personal information is a top priority for us

      Given how all these breaches have the knee-jerk reaction of x years free monitoring makes me wonder how much the credit agencies are making out of this.

  6. Anonymous Coward

    It took them from May to January to twig? Top notch! Why i$ American bu$ine$$ $ecurity $o aby$mal? Nothing to do with the bottom line, obviously?

    Q. : Seriously, when is Yank business going to wake up

    A. : Never, they don't care.

    Above answer from Occam.
