On March 17, Premera Blue Cross, one of 37 independent licensees of the national Blue Cross and Blue Shield Association, confirmed a cyberattack on its data systems. Premera operates in the Pacific Northwest and provides health care coverage in Alaska and Washington.
To be clear, this cyberattack did not occur at Blue Cross and Blue Shield of Nebraska (BCBSNE) and did not affect our data storage systems. BCBSNE and Premera are separate and independent companies.
Premera discovered the cyberattack recently, but its representatives believe it took place last spring, and that hackers accessed data stored in their systems dating back to 2002. Premera is working with the FBI and other appropriate law enforcement agencies to find out how the cyberattack happened.
At this time, Premera representatives believe there are 11 million people in the country affected, including more than 4 million people covered by other Blue Cross and Blue Shield companies.
Some Blue Cross and Blue Shield of Nebraska members were impacted because they received care in Washington or Alaska, resulting in a claim being filed.
As of this date, we have determined that 20,985 current or former Blue Cross and Blue Shield of Nebraska members were impacted by the Premera cyberattack. Of those individuals, 967 live in Nebraska and 20,018 work for a Nebraska-based company but live in a state other than Nebraska.
Premera is in the process of notifying all impacted individuals nationwide by U.S. mail.
Premera is offering two free years of credit monitoring and identity theft protection services through Experian to those affected. Anyone concerned about the cyberattack can call 1-800-768-5817 or visit www.premeraupdate.com for more information or to enroll in the protection services.
In February, Anthem, Inc., a Blue Cross and Blue Shield company operating in 14 states, announced a cyberattack that affected 52,691 current or former BCBSNE customers. These were people who got medical care in one of the 14 states that Anthem covers and had data in their systems when the cyberattack happened.
Anthem’s service area includes the following states: California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri (excluding 30 counties in the surrounding Kansas City area), Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.
Anthem is offering free credit monitoring and identity protection services to all impacted individuals. Additional information about these free services may be found at www.anthemfacts.com or by calling 877-263-7995.
The Security of Your Data is Important to Us
The recent incidents at Anthem and Premera have drawn increased focus on the issue of cyber-security. We want to take this opportunity to reassure you that BCBSNE goes to great lengths to ensure compliance with data security and privacy regulations, while placing a priority on safeguarding our member’s personal and medical information from unauthorized access and use. We apply the best available cyber threat intelligence to our evolving data security strategy to ensure we maintain a comprehensive and adaptable security framework of layered physical, technical and administrative controls.
The framework includes proven conventional components (system access hardening, firewall, anti-virus /anti-malware, intrusion detection, encryption, secure data transfer, vulnerability management, awareness and training, etc.) as well as advanced security measures (security event/incident management, multi-factor authentication, mobile device management, data loss prevention, password vaulting, attack simulation, etc.).
For the past several years, we have engaged professional security services to regularly assess our security posture and to assist us with implementation of cutting-edge technology to improve our ability to thwart, detect and quickly to respond to an attack like the ones reported by Anthem and Premera.
How the Blue Cross and Blue Shield System Works
The 37 independent Blue Cross and Blue Shield companies that operate in different states across the U.S. and in Puerto Rico form the Blue Cross and Blue Shield network. We are all separate companies, but we work together to provide our members with access to medical care wherever they are. This enables Blue Cross and Blue Shield members to receive the same benefits for medical care either at home or while living or traveling elsewhere.
If a member receives medical care in another Blue Cross and Blue Shield company’s geographic service area, their medical claim is sent from that Blue Cross and Blue Shield company to the member’s “home” Blue Cross Blue Shield company. This process ensures that the member’s claim is processed based on their personal benefit plan, while receiving the discounts agreed upon between the medical provider and the Blue Cross Blue Shield company that received it
If You Have Questions
Members who have any questions about the Anthem or Premera cyberattacks may call our Member Services Department at 855-766-5959.