N.Y. Insurer Breached, 10 Million Records Exposed

Sept. 14, 2015

N.Y. Insurer Breached, 10 Million Records Exposed Underscoring recent research suggesting health care is one of the riskiest industries from the perspective of data security breaches, a health insurer based in Rochester, N.Y. on Wednesday reported its network had been hacked, possibly exposing the personally identifiable information of more than 10 million customers. Excellus BlueCross BlueShield acknowledged it learned of the cyber attack on Aug. 5. An investigation found the company initially was breached more than 20 months ago in December 2013. According to a Reuters report, the company only found out about the intrusion after it hired an outside consultant to perform an assessment in the wake of other hacks that targeted health care companies.

The customer information Excellus said could have been compromised includes name, date of birth, Social Security number, mailing address, telephone number, financial account information and claims information. However, the company said, “the investigation has not determined that any such data was removed from our systems” and that no evidence exists “that such data has been used inappropriately.”

Health insurers and hospitals have become the source of a trove of information for fraudsters who are monetizing it using a variety of schemes. One of the most popular recent scams leveraging stolen, non-payment card information, is account creation .