This week, a representative for the healthcare insurance provider Premera revealed that the core servers of their customer database had been breached, unearthing the details of millions of medical records and putting the majority of their userbase at risk for possible identity theft or worse.
The heist, which yielded its perpetrators a mind-numbing 11 million records, is one of the largest of its kind, surpassed only by the more recent Anthem breach, which currently holds the top spot at 70 million.
Premera offers healthcare coverage to citizens of the Northwest, primarily in Oregon, Alaska, Washington. According to the company, the crack first began back in May 2014, but wasn’t even discovered until January of this year.
This timeline puts Premera’s problems right up alongside the Anthem attack which, while nothing has been confirmed yet, has led early investigators to linking the two as part of a singular campaign launched on behalf of a unified party.
It just goes to show that even with all the appropriate safeguards in place, all it takes is a little ingenuity and know how for hackers to find a space in the cracks to break the whole thing open.
“The Premera breach could be much worse for those who are victims as it includes not just information to commit credit fraud, but also medical fraud and potentially sensitive information about medical conditions,” said Tim Erlin, director of product management, IT security and risk strategy at Tripwire, in an email.
The defining difference in breaches of medical information from standard identity theft targets is that unlike the latter, personal medical data can be used to commit higher levels of insurance fraud that can be worth millions of dollars at a time.
Not only that, it seems as of late there is a new trend going around where identities in the States are sold to people with medical issues looking to get care for free. They copy everything about a person’s identity down to the contents of their wallet, and receive free treatment from hospitals under false credentials while the account is still under review.
By the time the bill comes in, it’s sent to the wrong person, and whoever committed the crime is already healed up and in the wind by the time anyone realizes what happened.
Other scams include specifically targeting patients who have prescriptions for pain pills, and fooling doctors into filling orders on a fraudulent account.
Somewhat ironically, it seems that the only data which wasn’t stolen is Premera’s financial data, which according to the company is never stored in case of an event exactly like this.
“Premera does not store credit card information for members, so your credit card information is not affected by this attack,” the company said in its website notice. “Our investigation has not determined that any information was removed from our systems and there is no evidence to date that any such information has been used inappropriately.”
The company has since set up a handy-dandy FAQ page in case you have any questions about whether or not your information was stolen, and if it was, what you can do to protect yourselves from the incoming wave of problems that we’re sure Premera customers are about to face.