Yet another health insurance company has been targeted by hackers. Approximately 11 billion customers at Premera Blue Cross, a health insurance company based out of Seattle, were the victims of a cyber breach. Hackers were able to access a broad range of confidential customer information, including Social Security numbers, addresses, banking account numbers, and member identification numbers. Credit card information remains safe, since Premera does not store any of that information on their databases. However, hackers were able to access claims data, including sensitive clinical information, which is what worries most customers.  This is the largest cyber breach where patient information was accessed. 

Health insurance company Anthem experienced a similar breach earlier this year, where over 70 million customers were affected. The difference between Premera’s cyber breach and Anthem’s breach is that Anthem customers’ medical records remained untouched. Affected Premera customers also include customers of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and Vivacity and Connexion Insurance Solutions. Most affected customers are in the Pacific Northwest. Affected customers have been offered two free years of identity theft protection services and credit monitoring.

 Premera detected the breach on Jan. 29th of this year, but believes that the hackers initially breached their databases back in May 2014. The FBI is investigating this cyber breach. Premera claims its information was encrypted, but the hackers were able to gain unauthorized access into their systems. In the nine months that it took for Premera to discover this breach, no customer information has been posted for sale on the online black market. This leads the FBI and other security experts to suspect that state-sponsored hackers based in China are the culprits of this particular cyber breach. 

Security experts found that a hacking group that goes by the name “Deep Panda” conducted a similar attack on Anthem. They looked at the digital signatures used in the Anthem malware and found that the malware was connected to an imposter web address. The web address, “prennera.com,” poses as Premera’s official website. The hackers who breached Anthem databases used a similar ruse to trick Anthem employees into entering information on a fake website. Although Premera claims the hackers breached their databases in May, the hackers set up the fake domain in December 2013 and were planning their attack for a while.

This type of calculation shows that health insurance companies are being targeted by sophisticated hackers.EiQ Networks’ security monitoring services offer continuous monitoring of all networks, so health insurance companies can have complete visibility into their systems and notice malware. EiQ also offers compliance automation and reporting, so health insurance companies can make sure they don’t violate HIPAA requirements. In order to stay ahead of hackers and avoid a cyber breach that goes unnoticed for months, health insurance companies need to make sure their networks are monitored continuously.

This article was originally posted on the EiQ Networks Blog.

You can read more stories on Boston startups, technology and innovation at https://www.bizjournals.com/boston/inno