Excellus healthcare hack puts 10m Americans at risk of identity theft

Miscreants infiltrated network in 2013 ... discovered last month

Health insurance company Excellus said hackers broke into its servers and may have made off with the personal details of 10.5 million people.

The insurance firm said the information belongs to customers who lived in or sought treatment in the upstate New York area. The breach exposed the personal information of 7 million Excellus Blue Cross Blue Shield (BCBS) customers and 3.5 million Lifetime Health Care customers.

The data was from patients who were treated in the Excellus hospital network in 31 counties since 1993. Excellus said it has not yet determined if the exposed data was actually copied by the hackers.

While the breach is believed to be limited to those in the upstate New York area, the information exposed is extremely sensitive. It includes member names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, and member identification numbers. Also at risk are insurance claim and financial account details for the 10.5 million patients in the Excellus and Lifetime Health Care insurance providers in the area.

"This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in the 31-county upstate New York service area of Excellus BCBS," Excellus said.

"Individuals who do business with us and provided us with their financial account information or Social Security number are also affected."

Excellus said the breach initially occurred on December 23, 2013, but was only discovered by the company on August 5 of this year. Excellus said it was working with the FBI to investigate the incident. Security firms FireEye and Mandiant were also called in to investigate.

For the 10.5 million people whose data has been exposed, Excellus said it will be providing two years of free identity theft and credit monitoring. Those whose data was stolen will receive letters from Excellus with further information, and those who believe they were impacted but have not received a letter by November 9 should contact Excellus directly.

Those services will likely provide little comfort, however, to the 10.5 million people who now likely have their highly personal medical information in the hands of hackers. ®

Similar topics

Other stories you might like

  • It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected

    And a bunch of bank-account-raiding trojans also identified

    FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland.

    The Nordic country's National Cyber Security Center (NCSC-FI) lately warned that scam messages written in Finnish are being sent in the hope that recipients will click the included link to a website that requests permission to install an application that's malicious.

    "The messages are written in Finnish," the NCSC-FI explained. "They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages. The theme of the text may be that the recipient has received a voicemail message or a message from their mobile operator."

    Continue reading
  • AsmREPL: Wing your way through x86-64 assembly language

    Assemblers unite

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all.

    REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages.

    Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

    Continue reading
  • Microsoft adds Buy Now, Pay Later financing option to Edge – and everyone hates it

    There's always Use Another Browser

    As the festive season approaches, Microsoft has decided to add "Buy Now, Pay Later" financing options to its Edge browser in the US.

    The feature turned up in recent weeks, first in beta and canary before it was made available "by default" to all users of Microsoft Edge version 96.

    The Buy Now Pay Later (BNPL) option pops up at the browser level (rather than on checkout at an ecommerce site) and permits users to split any purchase between $35 and $1,000 made via Edge into four instalments spread over six weeks.

    Continue reading

Biting the hand that feeds IT © 1998–2021