Grand Canyon-Sized Breach Hits Grand Canyon State

Posted April 8, 2015

418,640 Arizonans Had Data Compromised in the Anthem Breach That Affected 80 Million. ThreatMetrix CEO Calls Breach the “Tipping Point.”

In his blog, “The Anthem Tipping Point,” Reed Taussig, President and CEO of ThreatMetrix® notes that the Anthem Breach might finally be the cataclysmic event, the tipping point, that gets “the attention of senior management and boards of directors to recognize that cybersecurity is just as important to the enterprise as the operations of their customer-facing Internet applications themselves.”

And Anthem was not the only healthcare company attacked. Approximately the same time Anthem was breached — and very possibly by the same cybercriminals — Premera Blue Cross, which operates in Arizona, Alaska and Washington State, was also breached, compromising sensitive personal, financial and medical claims information for about 11 million of its customers nationwide. Other Anthem companies affected by the breach include Amerigroup, Anthem and Empire Blue Cross Blue Shield, CareMore and UniCare.

In his story on azcentral.com, Ken Alltucker, reporter for The Republic, details the cyberattack that left many Arizonans and Americans in general at risk of becoming victims of identity theft and other crimes. The following has been excerpted from Alltucker’s piece and edited to fit our format. You may find his complete account by clicking on this link.

Unaffected by breach, Blue Cross Blue Shield customers still at risk

The computer hackers did not breach Blue Cross Blue Shield of Arizona’s computer systems, company officials said, but customers of the Arizona insurer could be affected if they used their insurance plans to access doctors, hospitals or other health services in states where Anthem and Premera operate.

Anthem’s 14 states include California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

Healthcare a hot, easy target

“Nowadays, it’s all about the money,” said Shaun Murphy, founder of PrivateGiant, an Orlando-based consulting firm. Murphy said there is a black market for such data, and cyberthieves who recover such detailed personal, financial and medical information on individuals can get lucrative payments.

Murphy said health-care insurers are a prime target because their security systems are typically not as robust as financial institutions. And if a hacker is able to piece together Social Security numbers, birth dates and medical-claims information about an individual, that creates the type of detailed profile about a person that black-market buyers covet. “When you start to aggregate this information, it can bring in a ton of money.”

Small comfort

The insurance companies have offered [breached] customers two years of credit monitoring and identity-theft protection services. Anthem consumers can get more information about these services at https://anthem.allclearid.com/. Premera’s identify-theft protection will be offered through Experian.

Still attempting to find all potential victims

Premera spokesman Eric Earling said the company still is attempting to pinpoint all customers who may have been affected by the data breach in Arizona and other states.

Compromised records may go back to 2002

The insurer said the sophisticated cyberattack may have accessed records dating to 2002. That means customers who once held Premera’s LifeWise plans, discontinued in Arizona last decade, may be affected.

26 healthcare data breaches in Arizona since 2010

In Arizona, there have been 26 health data breaches that have each affected 500 or more people [in each breach] since 2010, according to the U.S. Department of Health and Human Services.

ThreatMetrix

ThreatMetrix

close btn