In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus Blue Cross Blue Shield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack.
Hackers took information on approximately 10 millions customers including 7 million from Excellus and 3 million from associated entities. Company IT officials first discovered the intrusion on August 5, 2015 and found that the initial attack took towards the end of December in 2013.
According to a news release, hackers may have gained access to the following types of information: name, address, telephone number, date of birth, Social Security number, member identification number, financial account information, claims information and, in some instances, clinical information. Affected customers are being offered two years of free credit monitoring.
While this is not the largest data breach of a health insurance company, it is the largest for the Western New York region, especially centered on Rochester and the Finger Lakes region. Furthermore, it is the latest in a string of data breaches of health insurance companies including a breach at Anthem Blue Cross Blue Shield that resulted in a breach of data for 79 million customers.
Data breaches are the new normal. It is not a question of if, but when the next one will occur. Every company should ensure it is doing everything it can to protect the data it has and have a robust response plan for when the hackers strike.
By Frederick J. Pomerantz and Aaron J. Aisen of Goldberg Segalla