• March 17, 2015

Message from Premera regarding data breach

Premera Blue Cross Announces Cyberattack, Offers Protection For Affected Individuals

Mountlake Terrace, WA. (March, 17, 2015) — Today, Premera Blue Cross ("Premera") announced the organization has been the target of a cyberattack. 

On January 29, 2015, Premera discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to its Information Technology (IT) systems. Premera's investigation further revealed that the initial attack occurred on May 5, 2014. As part of its investigation, Premera notified the FBI and is coordinating with the Bureau's investigation into this attack. Premera also worked closely with Mandiant, one of the world's leading cybersecurity firms, to conduct a comprehensive investigation of the incident and to remove the infection created by the attack. 

"The security of Premera's members' personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause," said Jeff Roe, Chief Executive Officer, Premera. "As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information."

This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Premera's investigation determined that the attackers may have gained unauthorized access to members' information, which could include members' name, date of birth, Social Security number, mailing address, email address, telephone number, member identification number, bank account information, and claims information, including clinical information. Individuals who do business with Premera and provided the company with their email address, personal bank account number, or Social Security number are also affected.

The investigation has not determined that any such data was removed from Premera's systems. Premera also has no evidence to date that such data has been used inappropriately. 

Premera is beginning to mail letters to approximately 11 million affected individuals today and is providing two years of free credit monitoring and identity theft protection services to those individuals. Premera also has established a dedicated call center for its members and other affected individuals. More information can be found at: www.premeraupdate.com. The information involved in this incident dates back to 2002 and individuals who believe they are affected by this cyberattack but who have not received a letter by April 20, 2015, are encouraged to call the number listed at that website.

Along with steps taken to cleanse its IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward. 

Additional information about Premera's response to this cyberattack can be found at www.premeraupdate.com

About Premera Blue Cross 
Premera Blue Cross is a health plan in the Pacific Northwest, providing comprehensive health benefits and tailored services to over 1.8 million people. Premera Blue Cross is a member of a family of companies based in Mountlake Terrace, Wash., providing health, life, vision, dental, stop-loss, disability, workforce wellness and other related products and services. Premera Blue Cross is an independent licensee of the Blue Cross Blue Shield Association.