Data breach in Blue Cross insurance organization compromise health information of thousands of people

The non-profit mutual insurance organization Blue Cross of Idaho has confirmed that, in recent days, an unidentified user has been able to access its contributor portal to extract confidential information of nearly 6000 people, reported cyber forensics course specialists from the International Institute of Cyber Security (IICS).

Through a statement, the non profit insurer mentioned:  “On 21 March an unauthorized user accessed the Blue Cross of Idaho provider portal; the unknown user attempted to divert a financial transaction fraudulently. The attack was detected in time and our security teams are monitoring the portal.

However, the next day, Blue Cross confirmed that, during the incident, the attacker got access to financial documents of some providers which even contain personal health details, the cyber forensics course experts mentioned.

The information accessed by the unauthorized threat actors includes:

  • Member names
  • Membership number
  • Date of service
  • Name of health care provider
  • Patients’ account number
  • Among other data

Social Security Numbers, driver’s license, payment card details or health diagnoses of the Blue Cross members have not been compromised in this incident.

The insurer reported the incident to the U.S. federal authorities. In addition, after an internal investigation, the organization stated: “We believe that the attacker could have accessed about 1% of the total records of Blue Cross of Idaho”.

Blue Cross, in conjunction with the FBI, will maintain surveillance on the insurer’s portal in the face of the possibility that new cyberattack will be presented, commented the cyber forensics course experts.

So far the company has no evidence to confirm a malicious use of the compromised information, although they have already announced some measures for the protection of its affiliates; Blue Cross will begin restoring the subscriber numbers of affected users, and Blue Cross also offers potentially affected users three years of free credit online monitoring services.