Excellus BlueCross BlueShield reports massive breach of its IT systems

14 Sep 2015

Rochester, New York-based Excellus BlueCross BlueShield revealed that cyberattackers had breached its IT systems and an estimated 10 million members and individuals who did business with the company had been affected.

Among those affected were 7 million Excellus members as also an additional 3.5 million members under the affiliate Lifetime Healthcare Companies.

Excellus asked FireEye's Mandiant incident response division to investigate the breach.

After Mandiant conducted a forensic assessment of its IT systems and confirmed the attack, Excellus notified the FBI and was now cooperating with the bureau's investigation into the hack.

"Protecting personal information is one of our top priorities and we take this issue very seriously," said Christopher Booth, CEO of Excellus, in a statement. "We're making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information."

Though nobody knows the severity of the attack Mandiant had confirmed that attackers might have gained unauthorised access to such information as individuals' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.

According to Booth, aggressive steps had already been taken to remediate its IT system of issues raised by this cyberattack.

There was however no indication yet that any personal information had been misused by outside parties.

 ''The most compelling element of this episode is the 20 months it took Excellus to discover the breach and put a stop to it'', said Jeff Hill, channel marketing manager for STEALTHbits, a data security company, in a statement. Despite these efforts, Excellus BCBS was targeted in a very sophisticated cyber attack. ''It's painfully obvious that these products simply don't work'', he said.