With the halfway mark for 2015 quickly approaching, many consumers have reached a state of data breach fatigue. Nearly every week, a new story comes out where the personal and payment information of U.S. consumers has been compromised due to a data breach.
Thanks to our friends over at the Identity Theft Resource Center (ITRC), we’ve recapped the three largest publically annouced data breaches in 2015.
05/22 CareFirst Blue Cross Blue Shield - 1,100,000 Records Exposed
Late last week, news broke of another Blue Cross Blue Shield member suffering a data breach. On May 22, CareFirst Blue Cross Blue Shield announced that the company had been the victim of a cyberattack, compromising the information of 1.1 million of its current and former customers. CareFirst currently has a total of 3.4 million customers, with the majority of its customers residing in Maryland, the District of Columbia and Virginia. According to CareFirst, one of the insurer’s databases was illegally accessed, compromising its members’ usernames.
While the database did not include personal information such as medical claims, Social Security numbers or financial information, the compromised usernames could be used to gain access to the previously mentioned data. CareFirst brought on Mandiant, a technology company, to conduct an intrusion investigation. After the investigation, FireEye stated in the Wall Street Journal that “the intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the healthcare industry over the past year."
03/17 Premera Blue Cross - 11,000,000 Records Exposed
In March, another healthcare provider announced that an unknown number of attackers gained access to its network. On March 17, Premera Blue Cross disclosed that its IT systems were the target of cyberattack, compromising the personal information of 11 million customers. In an update by Premera, the cyberattack may have exposed the personal and financial information of its customers and applicants. This information could include, name, mailing address, bank account information, Social Security number and much more.
The data breach affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and Premera’s affiliate brands, Vivacity and Connexion Insurnace Solutions, Inc. Premera first learned of the data breach on January 29, 2015 and determined in a investigation that the initial attack occurred on May 5, 2014. After a forensic investigation was completed, Premera determined that those affected by the company’s data breach were not related to the Anthem Inc. data breach that occurred a month before.
2/25 Anthem Inc. - 87,600,000 – 97,600,000 Records Exposed
In February, the second largest health insurer in the United States announced that the personal information of as many as 97 million people may have been compromised in a data breach. The major health insurer stated that a group of cybercriminals gained access to a corporate database that housed the personal information from Anthem’s 78 million current customers, including names, birthdays, employment information and social security numbers. At a whopping 78 million records exposed, the Anthem data breach exposed more records than the following 6 largest healthcare-related data breaches combined, dating back to 2010.
After the initial estimates of 80 million compromised records for Anthem’s data breach was revised to 78.8 million records, even the most cynical of consumers could breathe a sigh of relief. Unfortunately, the total number of records compromised in the Anthem data breach could come close to breaking the 100 million mark. Shortly after its initial announcement, an Anthem spokesperson stated that an additonal 8.8 million to 18.8 million of it’s non-customers could be affected by the breach. Anthem’s non-customers include customers of BlueCross BlueShield in various states whose personally identifiable information (PII) was stored in Anthem’s database.
In less than six months we’ve seen 102,962,007 records compromised due to 315 publically announced data breaches. That roughly equates to 326,857 records exposedfor every data breach in 2015. The three largest data breaches in 2015 so far can all be tied back to organizations in the healthcare/medical industry. For more information on the state of cybersecurity in the insurance and healthcare sector, check out our recap of the New York State Department Of Financial Services 2015 report.