Premera Blue Cross revealed earlier this week that it was the target of a cyber attack last year that may have affected 11 million customers. The attack is the latest healthcare data breach following a cyber attack on health insurer Anthem in February 2015, which may have affected 80 million people.
This most recent incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and affiliate brands Vivacity and Connexion Insurance Solutions, Inc. The Premera breach is particularly troubling on several fronts. First is the type of data that was compromised. The Anthem breach exposed sensitive information such as names, addresses, birthdays, income information and social security numbers. In the Premera attack, hackers gained similar information but also stole even more sensitive patient health information (PHI), including patient histories, claim information and clinical information dating back to 2002.
PHI data is valuable on the black market because it is very personal, static data that allows hackers to easily steal someone’s identity.
Second is the delayed detection and subsequent announcement of the breach. Premera reports that the data breach occurred in May 2014, though it was not discovered until January 29, 2015. It is extremely troubling that the time to detection, the figure tracked as MTTD (mean time to detection), was eight months. Companies must do much better than this in reporting breaches quickly to better protect customers.
Third, who’s behind these attacks? Several indicators point the finger at the Chinese, including analysis of malware samples that are consistent with those associated with Chinese APT activity. Several computer security companies have identified data indicating that the hackers might be a Chinese government-sponsored gang.
Security blogger Brian Krebs theorizes that the hackers appear to be a group known as Deep Panda and Group 72 – the same group that likely penetrated Anthem. While neither the FBI nor Mandiant has publicly validated these claims, there is agreement that the perpetrators are Chinese.