9/10/2015
04:30 PM
Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach

Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.

Cyber attackers executed a sophisticated attack to gain unauthorized access to the IT systems of Excellus BlueCross BlueShield and its parent company, Lifetime Healthcare Companies, possibly exposing more than 10 million personal records, the companies disclosed this week after discovering the intrusion last month.

The Rochester, N.Y.-based insurers learned Aug. 5 that cyber attackers had gained access to IT systems hosting individuals’ personal information, company officials reported Wednesday. Further investigation revealed that the initial intrusion occurred on Dec. 23, 2013, meaning the attackers had access for more than 19 months before they were detected, they said.

Company officials notified the FBI and are coordinating with the Bureau’s investigation into this attack. Excellus also hired Mandiant to conduct the investigation and help remediate the issues created by the attack on its IT systems; Mandiant has also conducted investigations at several of the other healthcare companies that were breached recently. 

So far in 2015, cyber attackers have targeted Anthem, Premera Blue Cross, LifeWise, UCLA Health System, CareFirst BCBS, and now Excellus. Security researchers have linked some of these attacks to groups in China, which would suggest the attackers are not after financial gain but are instead collecting personal information on prominent Americans, an espionage motive rather than a criminal one.

[Why so many attacks on healthcare companies, starting with the Community Health Systems breach in 2014? Read "Healthcare Breaches Like Premera First Stage Of Bigger Attacks?" on Dark Reading.]

Attackers increasingly are targeting “medical databases and protected healthcare information because they contain a treasure trove of personal identifiable information that they can use or sell on the black market to feed identity theft schemes,” said Adam Levin, founder and chairman of identity theft protection firm IDT911, and former director of the New Jersey Division of Consumer Affairs.

According to the Identity Theft Resource Center (via data security provider Netsurion), medical/healthcare is the second largest sector affected by breaches in 2015, with approximately 109.6 million records compromised.

The Excellus attackers may have gained access to personal information, including names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information, and claims data.

However, the investigation has not determined that any such data was removed from Excellus’ systems. “We also have no evidence to date that such data has been used inappropriately,” company officials say.

“As breaches have become the third certainty in life, data must be encrypted and there needs to be multiple layers of security, like two-way authentication,” Levin says. “The initial intrusion took place more than a year ago, which begs the question, ‘who was minding the store?’”

“While it’s mentioned that there’s no evidence of files being stolen, [reports] also mentioned that the files were encrypted and that attackers had gained administrative access to the files, being able to presumably view them in an unencrypted form,” says Adam Kujawa, head of malware intelligence at Malwarebytes Labs, research arm of the anti-malware company.

“It then follows that with an attack of this magnitude, being done over the course of more than a year, cybercriminals probably stole information by simply copying and pasting it from its unencrypted form on the secure network to their own systems or utilizing built-in tools to parse the information for the most valuable data,” Kujawa says.

Kujawa thinks this latest breach is just another example of the weak cyber security measures currently in place for sensitive information. “While many industries, such as banking, are stepping up to the plate, there’s still a slow adoption or even failure from industries such as healthcare,” he says.

Companies need to invest in employee training on proper security and privacy protocols, because a company is only as good as its weakest link, notes Levin. Affected members should immediately change usernames and passwords and use diverse, long, and strong passwords for their personal and financial accounts, he advises. 

“They should also check their accounts for any suspicious activity and sign up for transactional alerts from their bank.”

Excellus is providing affected individuals with two years of free identity theft protection services through Kroll, including credit monitoring by TransUnion, the company says.

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government.