11 Million Medical Records Exposed in Premera Blue Cross Breach

Premera Blue CrossWhat happened?

On Tuesday, health insurance provider Premera Blue Cross disclosed they suffered a data breach of 11 million customers’ personal, medical and financial information.

The Washington state-based, not-for-profit health insurer serves as the primary provider for many large organizations, including Amazon, Microsoft and Starbucks. So although the breach is nationwide, it is highly concentrated in the Pacific Northwest — with 6 million Washington residents impacted.

The insurance provider learned of the breach on January 29, the same day health insurer Anthem discovered they had been breached. Anthem’s breach was disclosed in early February.

Despite chilling similarities, Premera does not believe the two attacks are related.

It is not yet known how hackers gained access to their IT systems. However, the insurer has determined that an abundance of customer information was exposed, including names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, medical claims information and bank account information.

Those at risk include customers of Premera Blue Cross Blue Shield of Alaska and their affiliate brands Vivacity and Connexion Insurance Solutions, Inc.

Premera is currently cooperating with an FBI investigation and has hired a third-party cybersecurity firm, Mandiant, to aid in the matter.

What should you do?

Due to the sensitive nature of the information that has been exposed, Premera Blue Cross members and employees are now at an increased risk of fraud and identity theft. Anyone potentially impacted by this breach should be vigilant about minimizing fraud risks, including taking the following actions:

  • Check your credit report
  • Monitor your bank statements regularly
  • Watch for spam or phishing attempts via phone or email
  • Frequently review medical records/statements for inaccuracies and signs of medical identity theft

Parents of insured children should also be aware that children’s Social Security numbers are commonly used to commit identity theft and fraud. And, because children do not actively use their credit, child identity theft can be much harder to detect and take longer to resolve. Concerned parents should consider placing a credit freeze on their child’s credit file.

Premera Blue Cross will be offering impacted individuals two years of free credit monitoring and identity theft protection services. Additionally, child identity theft monitoring will be provided to impacted families. Enrollment information will be provided via mail. Please visit Premera’s support website or contact their customer hotline at 1-800-768-5817 if you have additional questions related to the incident.

Learn more about data breaches and how to protect your personal information in Fighting Identity Crimes’ Education Center.


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.


Leave a Comment.