Premera Blue Cross, which sells health insurance in the northwestern U.S., said information on 11 million people may have been exposed in a cyberattack uncovered six weeks ago.
Hackers may have accessed information including names, Social Security numbers, bank accounts and medical information, Mountlake Terrace, Washington-based Premera said today in a statement. The company, which discovered the breach on Jan. 29, said it notified the Federal Bureau of Investigation and is sending letters to affected individuals.
Health-care firms have experienced a series of high-profile attacks, exposing client information. Insurer Anthem Inc. said last month that hackers accessed information on 78.8 million people. Hospital chain Community Health Systems Inc. had information on 4.5 million patients taken last year.
“We at Premera take this issue seriously and sincerely regret the concern it may cause,” Chief Executive Officer Jeff Roe, said in the statement.
An internal investigation shows that the attack may have started on May 5, Premera said. The company said it hired Mandiant, a cybersecurity firm, to probe the hack and repair its systems.
Mike Kreidler, Washington’s insurance regulator, said he urged Premera to notify customers quickly.
“I’m concerned that while Premera learned of this attack in January, it took approximately six weeks to notify my office,” he said in an e-mailed statement.
Premera has more than 1.8 million customers in Alaska and Washington. The attack affected records dating to 2002, and also compromised information from Premera’s Vivacity and Connexion Insurance Solutions brands.