According to a report by Credit.com, health insurer Excellus BlueCross BlueShield suffered a cyber attack that exposed health records belonging to as many as 10 million members and dating back to as early as 2013. Those who were affected live in 31 upstate New York counties.
This is not the first time BlueCross BlueShield has experienced a data breach this year. The health insurer’s affiliates, Anthem, Premera and CareFirst, have been breached this year. The most notable of these instances affected Anthem, which resulted in the theft of an estimated 80 million Social Security Numbers.
Data breaches are serious business. So far, the BlueCross BlueShield insists that the cyber attack has not resulted in identity theft.
“Our investigation has not determined that any information was removed from our systems and there is no evidence to date that any such information has been used inappropriately,” the company wrote on its website.
However, the risk still remains.
Health care records remain prime targets
Data breaches for the purpose of identity theft have been growing more common recently, and they are becoming more costly for the businesses that are targeted by them. According to the Ponemon Institute’s Annual Cost of Data Breach Study, the average cost per lost or stolen record in 2015 is $154. In addition, the study found that total costs increased by 23 percent since 2013, and that the most costly breaches occur in the U.S. and Germany.
The consequences are particularly bad for the health care sector. Studies show that health care records — already prime targets for identity thieves — can lead to particularly high costs when stolen. The Ponemon Institute estimates that each stolen health record can cost as much as $363 on average. In contrast to stolen credit cards, which can easily be canceled once an instance of theft has been discovered, health records contain permanent information that cannot easily be erased once it is released into the world.
Everyone uses health care at some point in their lives, and by extension becomes a prospective victim of identity theft. As a recent article in Information Age notes, “suffering a breach is no longer a question of if but when.” The vast majority of breaches begin with a phishing attack, such as a false email that is made to look legitimate and sent to a specific individual. These emails contain links to malware and often cannot be blocked by spam filters, and may not be stopped by any single anti-virus software.
The number of threats to health insurers increases every day. Some estimates suggest that as many as 450,000 new threats are emerging regularly. It is important for consumers of health services to recognize that they may not be as well protected as they think.
To help protect yourself, consider signing up for a credit monitoring service that can alert you to certain activity on your credit file that may be indicative of fraud. With this information, you can act quickly and try to mitigate adverse effects on your credit file.