There's been another data breach at a health insurance provider. When will these companies learn how to protect our data? This time more than 10 million members could be affected after a cyberattack going back as far as 2013.
Excellus BlueCross BlueShield of upstate New York is the latest victim in a string of health company hacks, and it's not looking good for the patients involved.
Even though there hasn't been any proof of the information stolen being used in a malicious way, this hack has left over 10 million health insurance members at risk. Excellus wants to stress the fact that there hasn't been any real damage done with the information so far.
"The investigation has not determined that any such data was removed from our systems and there is no evidence to date that any data has been used inappropriately," Excellus spokesman Jim Redmond explained to Venture Beat.
The hack was first discovered on August 5 when the insurance company brought in a team of security experts to check its system for vulnerabilities as a precaution after the other health industry attacks. Once the team recognized the attack, they dived deeper to find out when the breach took place initially.
That following investigation uncovered that the hackers first gained access to patient information in December 2013 and had uninterrupted access since.
Excellus is not taking the matter lightly, however. It decided to bring in the big guns to find out what hacker or group of hackers is responsible.
"The FBI is investigating a cyber intrusion involving Lifetime Healthcare Companies, which include Excellus BlueCross BlueShield, and will work with the firms to determine the nature and scope of the matter," the FBI confirmed in an emailed statement to Venture Beat.
Solving this case would bring closure to the members in over 30 New York counties, especially the densely populated Buffalo and Rochester areas.
If you suspect you're a victim of this horrible hacking, follow the FBI's advice, which says people "should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center."