10 Million Affected By Sophisticated Cyberattack

Author:Mr Emily Voorheis and Nathan A. Kottkamp
Profession:McGuireWoods LLP

The latest major health insurance data breach of 2015 reported by Excellus BlueCross BlueShield is considered one of the top 20 worst reported breaches of a healthcare organization. The attack affected about 7 million Excellus members and 3.5 million members of its subsidiary, Lifetime Healthcare Cos. and potentially exposed individual names, addresses, birth dates, Social Security numbers, member identification numbers, financial account information, claims data and clinical information, which would likely include medical data.

Significantly, the incident occurred two years ago but was only discovered in August. Specifically in response to previous security breaches at other insurance companies, Excellus hired a leading cybersecurity firm to conduct a forensic assessment of its IT systems. That investigation revealed that hackers initially gained access to highly personal information on December 23, 2013. This breach is alarming because Excellus BlueCross BlueShield's considerable efforts to safeguard the privacy of personal information did not prevent the breach. According to Excellus, the company encrypted the sensitive information, but the encryption method...

To continue reading