Premera Blue Cross Breach of Sensitive Data Linked To Chinese Hackers

In an attack lasting from May 2014 until January of this year, Premera Blue Cross suffered a data breach that exposed the sensitive medical and financial information of 11 million of its customers – data that includes claim information, bank account numbers, Social Security numbers, date of birth, and even clinical information – in one of the largest attacks on a healthcare company on record. The attack appears to have targeted Washington state in particular, where 6 million of those affected live and where customers include employees of, Starbucks Corp and Microsoft Corp.

Investigations indicate that the attack is the work of Chinese, state-sponsored espionage. Premera is working with both the FBI and the security firm Mandiant, who specializes in state-sponsored hacking groups. This breach comes right on the heels of another healthcare provider breach at Anthem that affected 78 millions Americans and was carried out by the same group of hackers, though more sensitive information was leaked in the Premera breach.

While details are still forthcoming in the Premera attack, Anthem’s breach was one that began in April of last year and had attackers taking the long game in order to infiltrate the system.

Why spend so much time to get access? Because medical records are ten times more profitable than credit card numbers on the black market.

The issues facing healthcare companies are many when it comes to data breaches. A multi-pronged approach is vital, one that not only focuses on securing access but also on how they treat what information they collect and how long they keep it. The need is greater, too – unlike a credit card that can be frozen and reissued with a new number, health care records do not change after they have been compromised, which can lead to account takeover, medical and insurance fraud, even outright identity theft.

There is no question that stolen credentials are being used, and the more information a company keeps on their clients, the more tempting that company becomes for hackers. And because consumers reuse usernames and passwords so frequently, access to one site provides access to others. Account takeover attacks have demonstrated a 112% year-over-year increase.  The most effect way to protect your site, your clients, and your data is to move away from data verification to behavior verification with User Behavior Analytics (UBA). Passive user behavior can’t be stolen or replicated but can be used to provide early intelligence to stop fraud events on accounts before they occur.

For more information on UBA, why it’s critical and how it can help, click here for our new white paper.