Premera Blue Cross has said its computer network had been hacked, potentially exposing data from 11 million people, in the second recent such attack on a major US health insurer.
Premera said yesterday that it learned on January 29 that the company had been the victim of a “sophisticated attack” to get into its computer network.
An investigation found that the initial attack occurred on May 5, 2014.
The company said hackers may have been able to access members’ names, dates of birth, social security numbers, email addresses, bank account data and medical claims information.
Including customers and contractors, the total number of people affected could be 11 million, Premera said.
The announcement by Premera came six weeks after a similar disclosure from Anthem Blue Cross, which said as many as 80 million customer records may have been compromised.
Premera said it was working with the FBI and the private security firm Mandiant “to conduct a comprehensive investigation of the incident and to remove the infection created by the attack.”
“The security of Premera’s members’ personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause,” said Premera chief executive Jeff Roe.
“As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people’s information.”
Last year, US retailer Home Depot said 53 million email addresses were stolen, months after fellow retailer Target said the personal data of 70 million customers was accessed.
Reports last month said China may have been behind the Anthem hack, a claim that was denied by Beijing.
The Anthem cyberattack was the latest where US investigators say evidence points to China.
FBI Director James Comey said in October that China was at the “top of the list” of countries launching cyberattacks on US firms.
Some experts say medical data can be even more lucrative to hackers than credit cards because they can create fake identities for other frauds schemes.
Premera, which manages health insurance under the Blue Cross name for customers in the northwestern United States,
said it was offering free credit monitoring for two years to persons affected.