Excellus BCBS Breached, 10 Million Customers’ Records Affected

12 September 2015

When I read the headline of this LIFARS post, my first thought was: “2015 is going to be an annus horribilis for the US healthcare insurers”. Anthem, Premera, and now Excellus. Which organization will be next?

One paragraph in the Excellus announcement of the data breach is really interesting:

‘On August 5, 2015, Excellus BlueCross BlueShield learned that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems.  Our investigation further revealed that the initial attack occurred on December 23, 2013.’

It took 590 days to identify the breach! That is 8 days more than the maximum Mean Time To Identify (MTTI) of 582 days that the latest Ponemon cost of data breach study found for 2014.

This is really remarkable because it makes clear that a ‘very sophisticated’ cyber-attack is hard to identify, even with the latest security technology in place. And I bet Excellus has such technology installed. I am really curious about the details of the attack.

Take care! If you would like to do some further reading, please take a look at the latest issue of the Cyber Intelligencer, ‘You can’t detect what you can’t see’.
