LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
NEWSCAST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Premera Blue Cross Cyberattack Exposed Millions Of Customer Records

Another big health insurance company has revealed it has been the target of a massive cyberattack.

Premera Blue Cross says hackers may have taken up to 11 million customer records. Those records include credit card numbers, Social Security numbers, even information about medical problems. This news is just coming out but Premera issued a statement saying it discovered the breach on Jan. 29. That's about the same date that Anthem, another Blue Cross company, told the FBI that it was breached.

It's possible that Anthem put the word out and, given the timelines, the attacks were related — done by the same perpetrator. At least that's an educated guess from the cybersecurity company iSight Partners.

Premera also says the attack itself started in May of last year. But iSight found a suspicious domain called "prennera.com," an address that may have been made to spoof Premera's official website. It was created in December 2013.

Either way, that's many, many months to steal people's data. NPR has reported previously on the black market for credit cards and health records. Will a bunch of for-sale signs go up there? Probably not this time — or at least that's according to sources who hang out in the underground.

Health care data can be more valuable than credit card information on the black market. But so far, sources say, the Anthem data hasn't shown up on the underground sites. And Premera may not either. It could be that the hackers are not run-of-the-mill criminals, but in it for cyber-espionage.

Yes, cyber-espionage. As in spies. It's possible that a nation-state actor is involved.

Both health care companies are huge providers with lots of government workers. So if someone wants intel on Defense Department employees — where they live, spouses' names, serious (or embarrassing) medical conditions, a breach is a way to stockpile that data and use it for blackmail later.

As iSight malware analyst Brian Bartholomew says: "The sole purpose of espionage is to steal information, gain advantage. By publicizing, you're giving up the leverage you have."

NPR has asked Premera and the FBI whether they are alerting other health care providers to watch out or providing details other companies might benefit from. Neither has immediately responded to our inquiry.

There's another group called the National Healthcare ISAC (Information-sharing and Analysis Center) that helps to share breach information. They say they've been in contact with private investigators at Mandiant as well as federal investigators handling the case. So far, the specific ways that Premera was attacked — like the IP addresses the attacks came from or the specific types of malware — have not been declassified and shared with other potential targets.

Director Deborah Kobza says in an email, "It is only through coordinated sector and cross-sector cybersecurity information sharing, that we, as a nation, can move critical infrastructure cybersecurity protection from a reactive to proactive stance."

But what is Premera doing to protect victims — the up to 11 million people who may be affected here? Premera says it is offering two years of free credit monitoring. It's the same kind of protection that retailers and financial institutions have given victims of credit card hacking. But if the point of this theft is altogether different, espionage, then identity monitoring doesn't really help in the end.

Copyright 2015 NPR. To see more, visit http://www.npr.org/.

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute
96.1 FM K241AR Lawrence (KPR2)

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)
contact@kansaspublicradio.org