Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 17 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Premera confirms attack and breach of personal and medical details

by The Gurus
March 18, 2015
in Editor's News
Share on FacebookShare on Twitter

US healthcare services provider Premera has confirmed that is suffered a sophisticated attack which compromised the personal information of members, employees and business partners.
 
In a statement, Premera president and CEO Jeff Roe confirmed that attackers gained unauthorised access to IT systems, which was discovered on January 29th and an investigation found that it occurred on May 5th, 2014. “As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack,” he said.
 
“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.”
 
The company confirmed that the incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and affiliate brands Vivacity and Connexion Insurance Solutions. Amongst the accessed data was names, dates of birth, email addresses, home addresses, Social Security numbers, member identification numbers, bank account information and claims information, including clinical information.
 
Roe said: “I recognise the frustration that the news of this cyber attack may cause. The privacy and security of our members’ personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward.
 
“All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”
 
Cris Thomas, technical manager at Tenable Network Security, said: “There are not a lot of details on this breach as to who might be responsible, but in the end ‘the who’ doesn’t really matter, security practitioners are much more interested in ‘the how’.
 
“The timing is interesting as it would appear to have occurred at the same time as the recent Anthem breach. One thing is for certain, assuming this was a breach for monetary gain, is that as it gets harder to monetise credit card details attackers are turning to medical files as a way to commit insurance and medicare fraud to turn their online activities into cash.”
 
Journalist Brian Krebs suggested that 11 million customers may be affected, and the FBI investigation is ongoing. “Cyber crime remains a significant threat and the FBI will continue to devote substantial resources and efforts to bringing cyber criminals to justice,” the FBI said in a statement to Krebs on Security.
 
Richard Blech, CEO of Secure Channels, said: “This news comes just six weeks after Anthem disclosed that hackers had stolen some reportedly lesser levels of information of nearly 80 million subscribers from its IT system.
 
“Patients are likely asking: Did you not have enough money or resources to acquire the necessary technology to do the job? Were you too busy charging premiums to your customers that protecting their sensitive data that you hold as unimportant?
 
“Meanwhile, shareholders and the technical community are likely asking: Didn’t you hear? Protecting PHI data (encryption) must be done at the inception of the content. Trying to ‘fix’ the problem after neglecting to protect sensitive patient clinical in the first place is comparable in many ways to post-exposure inoculation.
 
“Either PHI is important enough to protect or it is not. Security as an afterthought is not a plan. Likewise, security at a few single points in the infrastructure is not an answer, it’s an invitation.”

FacebookTweetLinkedIn
Tags: BreachHealthcarePII
ShareTweetShare
Previous Post

Despite major breaches, a third of businesses have no recovery plan

Next Post

Premera breached – what next for healthcare?

Recent News

Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)

Armis Launches new ‘Critical Infrastructure Protection Program’

May 17, 2022
jigsaw

Thanos and Jigsaw ransomware linked to 55 year old doctor

May 17, 2022
Google logo

Italian police thwart Eurovision cyberattack

May 17, 2022
nuclear power stack

UK announces nuclear cybersecurity strategy

May 16, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information