Slashdot Mirror

← Back to Stories (view on slashdot.org)

Personal Healthcare Info of Over 11M Premera Customers Compromised

Posted by Soulskill on from the another-day,-another-breach dept.

An anonymous reader writes: U.S. healthcare provider Premera Blue Cross has suffered a data breach that resulted in a potential compromise of personal, financial and health-related information of as many as 11 million applicants and members. The breach was detected on January 29, 2015, and the investigation mounted by the company and by forensic investigators from Mandiant has revealed that the initial attack happened on May 5, 2014. The FBI has also been notified, and is involved in the investigation."

6 of 69 comments (clear)

  1. This plus Anthem (also Blue Cross) by the_skywise · · Score: 3, Informative

    And they've compromised about 5% of the US population...

    1. Re:This plus Anthem (also Blue Cross) by Anonymous Coward · · Score: 3, Informative

      Not 5%.

      The Anthem hack was 80 million people. This brings it to 91. That's 28% of the US population who have had their entire identity stolen.

    2. Re:This plus Anthem (also Blue Cross) by Bing+Tsher+E · · Score: 3, Insightful

      Social Security numbers shouldn't be considered confidential. It should be impossible for financial services to use a person's SSN for any purpose for which they assume it is private or confidential.

      The government could neuter the whole issue by publishing everyone's SSN in a big digest. Names alongside SSNs.

      The SSN was never intended as anything but an index for the Social Security System. That financial institutions have instrumented it into being a 'secret' that people use to secure 'credit' should be thrown right back in the face of the Financial Institutions.

      It could start by a reasonable percentage of us agreeing to have our SSNs published. We would decree that the SSN was never intended to be 'secure' and that it is not our liability how our SSNs are used. If, say, 10% of the population agreed to be published in this way it would take down the ability of the credit industry to use SSNs for anything.

  2. Full Disclosure, please? by hipsterdufus · · Score: 3, Insightful

    As an admin, I'd love to see the actual technical aspects of the breach. How did they get in? How did they compromise your security? How long were they in the system before being detected? How did you detect them? Were you logging information that did catch them, but some oversight caused that data to be missed? How do you KNOW they are out of the system without flattening the entire infrastructure?

    Knowing this data can help security professionals add more security layers to keep the evil-doers out of the network.

  3. Re:Another reason not give SSN to healthcare provi by Dutch+Gun · · Score: 3, Insightful

    I've heard about protecting your SSN nearly my entire life. Can anyone actually steal your identity with just your SSN? Given the world we live in nowadays, what sort of half-wit organization would consider your SSN some personal passcode that no one else should know? Frankly, I think we should just make them all public records, and then get over the asinine notion that we can use them as some sort of damned security code. As has been aptly demonstrated, it's not like we can really keep them secret for long anyhow. You're constantly forced to give it to strangers. What sort of "secret number" is that?

    Sorry, I'm not ranting at you. The inability of major corporations to keep customer data secret is really getting on my nerves. It's just ridiculous.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  4. Re:So HIPAA applies to ... by Rougement · · Score: 4, Insightful

    Your company sounds completely evil.