Data breach occurred around Christmas 2013

Sep 10, 2015 22:42 GMT

Excellus BCBS has acknowledged it was the victim of a cyber-attack in which data for over 10 million patients and collaborators was exposed.

Excellus BlueCross BlueShield is a non-profit health insurance organization which caters to the upstate New York area.

According to a statement on its website, the organization disclosed a data breach it discovered on August 5 of this year; further investigation indicated the initial intrusion occurred on December 23, 2013.

Excellus says the attackers had access to the personal details of all of its patients and collaborators.

This includes personal data such as names, dates of birth, social security numbers, email addresses, telephone numbers, member identification numbers, financial account details, and claims information.

Excellus cannot tell if the data was stolen or just viewed

A company representative says it has not seen any of the data being used in the wild, but it would be unsurprising for this information to surface on the Dark Web in the coming months.

Given that a person's identity sells for around $5 / €4.43 on the Dark Web, the haul could be worth up to $50 million / €44.3 million to the attackers.

To get to the bottom of the cyber-attack, Excellus has hired Mandiant, a well-known security firm specializing in data breach investigations.

The company is providing two years of free credit monitoring and identity theft protection for all victims

Excellus BCBS has also enlisted Kroll, a risk mitigation services company, which will provide two years of free identity theft protection for all affected Excellus users.

Credit monitoring will also be provided for users whose financial data was exposed; the service is furnished by TransUnion but paid for by Excellus.

According to CSO's Steve Ragan, Excellus discovered the data breach after hiring the cyber-security firm FireEye to assess its network infrastructure.

This assessment was scheduled after the February 2015 breach at Anthem, another healthcare insurer, which exposed the data of over 80 million Americans.