Premera Blue Cross revealed Tuesday that it was the target of a cyber attack last year that may have affected 11 million customers.
The Washington-based health insurance company, which is licensed by Blue Cross Blue Shield, said the data breach occurred last May, but it was not discovered until January 29 of this year. The attack may have given hackers access to customers’ Social Security numbers, bank account information, contact information and claims data.
The breach affected customers of Premera Blue Cross as well as Premera Blue Cross Blue Shield of Alaska and affiliate brands Vivacity and Connexion Insurance Solutions, the company said.
The attack is the latest data breach to hit the healthcare industry and it follows a cyber attack on health insurer Anthem in February, which may have affected more than 78 million people. The FBI warned companies in the healthcare industry last August that they could be targeted by cyber terrorists looking for valuable intellectual property as well as customer data. The FBI warning came shortly after a breach at Community Health Systems that may have compromised the personal data of 4.5 million patients.
Premera plans to offer two years of free credit monitoring and identity theft protection services to all affected customers. “As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” CEO Jeff Roe said in a statement.
The company also said Tuesday it had already been working with the FBI to investigate the attack while also working to fix any security issues and strengthen its IT systems, including hiring cybersecurity firm FireEye to remove the infected software.