Industry plans action after Premera hack

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.benefitspro.com/2015/03/19/industry-plans-action-after-premera-hack

Insurance industry groups and insiders are responding to the Premera Blue
Cross cyberattack by communicating with clients, offering additional
services and stressing the need for immediate action.

The National Association of Insurance Commissioners said it is
“coordinating an action plan” in response to the announcement of the
security breach at Premera Blue Cross.

Part of that response, explained NAIC Spokeswoman Katherine Jones, is
likely a multi-state investigation lead by the Washington state
commissioner, where Premera is based. That’s the same protocol the group
used after the Anthem attack in February, the largest known health care
data breach to date, affecting as many as 80 million current and former
policyholders.

The Premera Blue Cross hack comprised the information of significantly
fewer consumers than the Anthem breach — more than 11 million customers.
But preliminary information suggests the Premera hack includes more
sensitive information. Premera said that names, birthdays, email addresses,
physical addresses, telephone numbers, Social Security numbers, member IDs,
bank account information, medical information, and insurance claims might
have been exposed.

“Events like this undscore the need for consumers to take immediate and
ongoing action to protect personal information like passwords to bank
accounts, credit card companies, health insurance accounts and any
electronic database that contains sensitive, personal information,” NAIC
President and Montana Commissioner of Securities and Insurance Monica
Lindeen said in a statement. “Unfortunately, sophisticated hacks are a
threat to nearly every segment of our population, as we’ve witnessed with
Sony, Target, Home Depot and Anthem in the past few months.”

In the meantime, NAIC urged consumers to change passwords, check credit
reports and carefully monitor all accounts that may contain sensitive
information.

America’s Health Insurance Plans also said it is monitoring the issue.

“Health plans are committed to working in partnership with government and
other stakeholders to protect consumers, identify potential threats and
secure member information,” said Ben Jenkins, AHIP spokesman.

The Premera attack is the latest in a string of high-profile, sophisticated
cyber attacks, signaling the need for action, Jenkins said.

 “Cyberterrorism is a national security issue that requires strong
collaboration between both the public and private sectors to accurately
assess emerging threats and prevent future breaches,” he said.

Health data breaches are up significantly over the last couple of years.
And medical identify theft increased by nearly 22 percent in 2014 compared
to 2013, according to a study from the Ponemon Institute and the Medical
Identity.

Carrier, broker response

One of the first orders of business by carriers and brokers has been
communication of the problem to consumers.

Premera has been posting updates and news about the hack on its website and
said it will continue to do so as more information becomes available. The
carrier also said it is making available two years of free credit
monitoring and identity protection services through Experian to consumers
affected by the incident.

Anthem also moved quickly to provide consumer information after news of its
breach, setting up a web page that addressed the incident and providing a
set of frequently asked questions for consumers.

Brokers have been reaching out to clients in wake of the breach and helping
clients clear up confusion and make sure data is secure. They’ve also been
warning customers of phishing campaigns, where scammers seek additional
information by posing as Premera representatives.

After the Anthem hack, Susan Rider, national media chair for the National
Association of Health Underwriters, told BenefitsPro that brokers and
employers groups have been working together to answer questions from
policyholders since the data breach was found.

“Brokers are going to have to make sure that their agencies have a form of
secure email, that their databases have security,” Rider said last month.
“If it can happen to a large company, it can happen to a small company,
too. We all have to invest and protect our clients’ data the best we can.”

NAHU chose not to comment on the Premera hack.

Brokers have also been working with employers to offer employees identity
theft protection as an additional benefit in the wake of recent breaches.

“Demand for ID theft services continues to grow as people realize it could
happen to them,” Claire Terrell, vice president, marketing, for Legal
Shield in Dallas told BenefitsPro earlier this week. “You may feel that you
will not be targeted, but as you can see from the news, it’s not a matter
of `if’ but `when’.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!