Rochester, New York: Excellus BCBS: Info for 10 million breached


A health insurer in western New York and affiliates say their computers were targeted in a cyberattack that may have provided unauthorized access to more than 10 million personal records.
The breach putting many customers on heightened alert like Teresa Minutolo of Geneva who suspects her information was compromised.
She said she noticed on August 6 that a $900 airline ticket was purchased using her only credit card. “I’m upset, I wish they would have told us sooner,” Minutolo said.
When asked about the five week gap between the discovery of cyberattack and its disclosure, Excellus said that time was used to determine exactly how many customers were potentially affected in the breach.
The company said it “immediately began working to close the vulnerability, and contacted the FBI. We have been fully cooperating with the FBI’s investigation.”
The companies say unauthorized computer access was discovered Aug. 5, and they haven’t determined so far that any information was used inappropriately or removed.
Excellus BlueCross BlueShield, headquartered in Rochester, and Lifetime Healthcare Companies say they’re offering affected individuals two years of free identity theft protection and the FBI is investigating.
According to a spokesperson for Excellus, the cyberattack was discovered as a result of cyberattacks on other insurance companies.
The company recruited FireEyes’s Mandiant incident response division, a cybersecurity firm, to conduct a forensic assessment of our Information Technology (IT) systems.
It could include names, birth dates, Social Security numbers, mailing addresses, phone numbers, member identification numbers, financial account information and claims information.
Computer expert Nick Francesco said it’s hard for large companies to know right away when they’ve been hacked. He believes most companies are doing all they can, but improvements can be made. “I think that whatever procedure they used needs to be revamped. I think that whatever they did to find the footprints leading back to 2013 should now become standard procedure and should be done every single day,” Francesco said.
Excellus BCBS said letters will go out Wednesday to customers. On the release and letter, there is a website where people can go if they think their information was hacked.
For Excellus BCBS customers, that website is available here. http://excellusfacts.com/
For Lifetime Healthcare customers, that website is available here.  http://www.lifethcfacts.com/
Customers will also be able to sign up for ID theft protection being offered through the site.
You can call a toll-free number to learn more at (877) 589-3331.
The source of attack is under investigation.
The Lifetime Healthcare Companies (“LTHC”) added steps are being taken for the protection of all impacted individuals who do business with any of the following affected affiliated entities:
• Lifetime Benefit Solutions
• Lifetime Care
• Lifetime Health Medical Group
• The MedAmerica Companies
• Univera Healthcare Individuals who believe they are affected by this cyberattack but who have not received a letter by November 9, are encouraged to call the number listed at that website.
“We have already taken aggressive steps to remediate our IT system of issues raised by this cyberattack,” Booth said.
“We sincerely regret any concern this may cause,” said Booth. “We are providing free credit monitoring and identity theft protection to you for peace of mind.
We also pledge to take additional steps to strengthen and enhance security to help avoid having something like this happen again.” A call to the FBI was not initially returned.

Read More at: http://13wham.com/news/features/top-stories/stories/major-ny-health-insurer-hacked-26079.shtml

This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Rochester, New York: Excellus BCBS: Info for 10 million breached

Comments are closed.