Insurance industry groups and insiders are responding to the Premera Blue Cross cyber attack by communicating with clients, offering additional services and stressing the need for immediate action.
The National Association of Insurance Commissioners said it is “coordinating an action plan” in response to the announcement of the security breach at Premera Blue Cross.
Part of that response, explained NAIC Spokeswoman Katherine Jones, is likely a multi-state investigation lead by the Washington state commissioner, where Premera is based. That’s the same protocol the group used after the Anthem attack in February, the largest known health care data breach to date, affecting as many as 80 million current and former policyholders.
The Premera Blue Cross hack comprised the information of significantly fewer consumers than the Anthem breach — more than 11 million customers. But preliminary information suggests the Premera hack includes more sensitive information. Premera said that names, birthdays, email addresses, physical addresses, telephone numbers, Social Security numbers, member IDs, bank account information, medical information, and insurance claims might have been exposed.
“Events like this underscore the need for consumers to take immediate and ongoing action to protect personal information like passwords to bank accounts, credit card companies, health insurance accounts and any electronic database that contains sensitive, personal information,” NAIC President and Montana Commissioner of Securities and Insurance Monica Lindeen said in a statement. “Unfortunately, sophisticated hacks are a threat to nearly every segment of our population, as we’ve witnessed with Sony, Target, Home Depot and Anthem in the past few months.”
In the meantime, NAIC urged consumers to change passwords, check credit reports and carefully monitor all accounts that may contain sensitive information.
America’s Health Insurance Plans also said it is monitoring the issue.
“Health plans are committed to working in partnership with government and other stakeholders to protect consumers, identify potential threats and secure member information,” said Ben Jenkins, AHIP spokesman.
The Premera attack is the latest in a string of high-profile, sophisticated cyber attacks, signaling the need for action, Jenkins said.
“Cyberterrorism is a national security issue that requires strong collaboration between both the public and private sectors to accurately assess emerging threats and prevent future breaches,” he said.
Health data breaches are up significantly over the last couple of years. And medical identify theft increased by nearly 22 percent in 2014 compared to 2013, according to a study from the Ponemon Institute and the Medical Identity.
Carrier, broker response
One of the first orders of business by carriers and brokers has been communication of the problem to consumers.
Premera has been posting updates and news about the hack on its website and said it will continue to do so as more information becomes available. The carrier also said it is making available two years of free credit monitoring and identity protection services through Experian to consumers affected by the incident.
Anthem also moved quickly to provide consumer information after news of its breach, setting up a web page that addressed the incident and providing a set of frequently asked questions for consumers.
Brokers have been reaching out to clients in wake of the breach and helping clients clear up confusion and make sure data is secure. They’ve also been warning customers of phishing campaigns, where scammers seek additional information by posing as Premera representatives.
After the Anthem hack, Susan Rider, national media chair for the National Association of Health Underwriters, told BenefitsPro that brokers and employers groups have been working together to answer questions from policyholders since the data breach was found.
“Brokers are going to have to make sure that their agencies have a form of secure email, that their databases have security,” Rider said last month. “If it can happen to a large company, it can happen to a small company, too. We all have to invest and protect our clients’ data the best we can.”
NAHU chose not to comment on the Premera hack.
Brokers have also been working with employers to offer employees identity theft protection as an additional benefit in the wake of recent breaches.
“Demand for ID theft services continues to grow as people realize it could happen to them,” Claire Terrell, vice president, marketing, for Legal Shield in Dallas told BenefitsPro earlier this week. “You may feel that you will not be targeted, but as you can see from the news, it’s not a matter of `if’ but `when’.”