As we (and pretty much everyone) predicted, the number of healthcare breaches continues to grow. In the latest case, Rochester, New York-based Excellus BlueCross BlueShield and related companies were hacked. As per usual, it was a “sophisticated cyberattack,” this time from “shadowy groups in China,” which compromised data including names, addresses, telephone numbers, social security numbers, financial account information, and some medical information.
Here’s a description of the 10.5 million records that were affected:
Affected parties include about 7 million people who are insured by Excellus, patients covered by those policies and Blue Cross Blue Shield members from other parts of the country who received medical care that was billed through Excellus, Redmond said. Excellus is the largest health insurer in the Rochester area.
The records of an additional 3.5 million people who receive services through five Lifetime units — Lifetime Health, Lifetime Care, Univera Healthcare, MedAmerica and Lifetime Benefits Solutions — also were breached by the hackers.
The irony of this story is that the initial hack seems to have occurred on Dec 23, 2013, but wasn’t discovered by the staff until much later. The report suggests that the hack wasn’t discovered until they did an investigation into their own systems after the 78.8 million-person Anthem breach. What’s not clear to me is why it took them so long after that breach, which occurred in February 2015, to finally announce their own breach.
The company is offering the standard 2 years of identity and credit card protection to affected individuals. Does this all feel somewhat routine now? I’m sorry to say that it’s become so common that it almost feels like a non-event. It probably doesn’t feel that way to the millions of patients who got a notice in the mail. Although with breaches of Google, Amazon, Target, etc., I think we’re all becoming somewhat numb to breaches of our personal data.