102M+ patients' information compromised — 6 major payer data breaches

The Internet is arguably one of the greatest innovations, but with great innovation, comes great risk. Hackers can digitally access millions of customers' sensitive personal information from leading health insurers. In the past two years, recent data reveals 81 percent of leading health insurance companies experienced data breaches.

Here are six of the biggest data breaches encountered by health insurers.

1. Anthem compromised the information of 80 million patient and employee records when it revealed a data breach in February 2015. The breach occurred over a period of several weeks starting in December 2014, and compromised the names, birth dates, Social Security numbers, emails, healthcare ID numbers, addresses, income data and employment information of patients and employees.1

2. Premer BlueCross BlueShield encountered a mega breach in January that impacted approximately 11.2 million customers. Hackers had access to subscriber data including names, birth dates, bank account information, Social Security numbers and addresses.

3. Rochester, N.Y.-based Excellus BlueCross BlueShield revealed 10.5 million of their customers' information has been compromised by hackers. The insurance company discovered they had been hacked on Aug. 5, 2015 and found the hackers targeted their IT systems dating all the way back to December 2013.2

4. In May, CareFirst BlueCross BlueShield reported the insurance company experienced a data breach that compromised the information of nearly 1.1 million members. The criminals obtained access to members' names, birthdays, email addresses and subscriber information. Because CareFirst had password encryption, hackers did not access members' Social Security numbers, credit card or financial information, employment or medical claim. 1

5. Triple-S Management faced a security breach which compromised the information of approximately 13,300 of the insurer's beneficiaries. The data breach occurred in September 2013 when the insurer mailed a pamphlet to nearly 70,000 Medicare beneficiaries that showed the receiving beneficiary's Medicare Health Insurance Claim Number. The Puerto Rico Health Insurance Administration imposed a $6.8 million penalty claiming Triple-S did not take all the mandated steps in response to the data breach.3

6. On May 27, 2015, Healthfirst, a payer based in New York, was notified that an individual might have stolen PHI of Healthfirst member through the insurer's online portal between April 11, 2012 and March 26, 2014. The breach compromised the information of nearly 5,300 members, although no Social Security numbers or credit card information was accessed.

1. CRN. Available at: http://www.crn.com/slide-shows/security/300077563/the-10-biggest-data-breaches-of-2015-so-far.htm/pgno/0/9

2. Fierce Health Payer. Available at: http://www.fiercehealthpayer.com/story/excellus-bluecross-blueshield-hack-puts-10m-records-risk/2015-09-09

3. Data Privacy Monitor. Available at: http://www.dataprivacymonitor.com/hipaahitech/proposed-6-8m-fine-related-to-puerto-rico-breach-incident/

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months