• September 10, 2015

Message from Excellus BlueCross BlueShield regarding data breach

Excellus BCBS Offers Protection for Affected Individuals Following Cyberattack

Rochester, N.Y. – Excellus BlueCross BlueShield ("Excellus BCBS") announced today that its Information Technology (IT) systems were the target of a sophisticated cyberattack and steps are being taken for the protection of its members and individuals who do business with the health plan.

As a result of cyberattacks on other insurance companies, Excellus BCBS engaged FireEye's Mandiant incident response division, one of the world's leading cybersecurity firms, to conduct a forensic assessment of its IT systems. On August 5, 2015, Excellus BCBS learned that cyber attackers gained unauthorized access to its IT systems.

Excellus BCBS notified the FBI and is cooperating with the bureau's investigation.

"Protecting personal information is one of our top priorities and we take this issue very seriously," said Christopher Booth, the corporation's chief executive officer. "We're making a broad range of services available today for our members, our employees and other impacted individuals to help protect their information."

The investigation has not determined that personal information on the company's IT systems was removed or used inappropriately. However, the investigation has determined that attackers may have gained unauthorized access to approximately 7 million individuals' information, which could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.

Excellus BCBS is beginning to mail letters to affected individuals today and is providing two years of free identity theft protection services through Kroll, a global leader in risk mitigation and response solutions, including credit monitoring powered by TransUnion. A dedicated call center also has been set up for members and other affected individuals. And, the company has established a dedicated website (www.excellusfacts.com), where members and other affected individuals can view frequent questions and answers and sign up for the free credit monitoring service and identity theft protection services. Individuals who believe they are affected by this cyberattack but who have not received a letter by November 9, are encouraged to call the number listed at that website.

"We have already taken aggressive steps to remediate our IT system of issues raised by this cyberattack," Booth said.

"We sincerely regret any concern this may cause," said Booth. "We are providing free credit monitoring and identity theft protection to you for peace of mind. We also pledge to take additional steps to strengthen and enhance security to help avoid having something like this happen again."

About Excellus BlueCross BlueShield
Excellus BlueCross BlueShield, a nonprofit independent licensee of the BlueCross BlueShield Association, is part of a family of companies that finances and delivers vital health care services to about 1.6 million people across upstate New York. Excellus BlueCross BlueShield provides access to high-quality, affordable health coverage, including valuable health-related resources that our members use every day, such as cost-saving prescription drug discounts and wellness tracking tools. To learn more, visit excellusbcbs.com.