Cybersecurity - Premera Blue Cross Security Breach
-
Upload
carrie-graham -
Category
Technology
-
view
166 -
download
0
Transcript of Cybersecurity - Premera Blue Cross Security Breach
Premera Blue Cross
By Carrie Graham, Chris Hayden, Matt Sharrah, Saw Oo, King Ng
What happened? Security breach at a large American health
insurance company Captured current and past customer
information Clinical information, along with banking
account numbers, Social Security numbers, birth dates and more
It is the largest breach reported to date involving patient medical information
How? The FBI is still investigating the attack to
determine how it happened Similar hacks from that time employed a
phishing technique (e.g.) prennera.com vs premera.com
When did it happen? Attack Initially Happened: May 5th, 2014 Discovered: January 29, 2015 Announced to public: March 17, 2015
Who Was Involved?
11 million customers of Premera Blue Cross who had their information compromised
Affiliate brands Vivacity and Connexion, as well as any other companies Premera does business with
Federal Bureau of Investigation Cyber security firm Mandiant Hacker(s) unknown
Why attack Premera? Data stolen from health insurers and hospitals typically
fetch at least 10 times more than credit-card numbers on the black market
If APT, information could be used to blackmail government employees
What was the impact and risks?
Up to 11 million individuals had their information compromised
As many as 80 million records were accessed, information dating back to up to 2002
Premera said they planned to offer two years of free credit monitoring and identity theft protection services to affected members
Risk: Loss of reputation drives customers away Risk: Hackers leak any of the stolen
information or sell it for profit
What is the loss exposure? Health care data more valuable than credit card
information on black market Health care companies are huge providers with
government workers Use blackmail later
Reputation damage & possible market share loss Hackers may use data for identity theft, insurance
fraud, and to obtain prescription drugs 5 class-action lawsuits
What did the company do to remediate the situation?
Offered two years of free credit monitoring Mailed data breach notification letters to the 11
million people Forced by state laws to send the letters
Hired cybersecurity firm Mandiant as a consultant to investigate the hack
Recommendations Strengthen information security awareness program Improve vulnerability management (especially network
hosted) and intrusion detection tools
Work Cited Pagliery, Jose. "Premera Health Insurance Hack Hits 11 Million
People."CNNMoney. Cable News Network, 2015. Web. 25 Sept. 2015. Shahani, Aarti. "Premera Blue Cross Cyberattack Exposed Millions Of
Customer Records." NPR. NPR, 18 Mar. 2015. Web. 25 Sept. 2015. Vijayan, Jaikumar. "Premera Hack: What Criminals Can Do with Your
Healthcare Data." The Christian Science Monitor. The Christian Science Monitor, 20 Mar. 2015. Web. 25 Sept. 2015.
Chen, Kelly. "Premera Blue Cross Hacked, Medical Information Of 11 Million Customers Exposed." The Huffington Post. TheHuffingtonPost.com, 17 Mar. 2015. Web. 25 Sept. 2015.
"Premera Has Been the Target of a Sophisticated Cyberattack." Premera Update. N.p., n.d. Web. 25 Sept. 2015.
Kirk, Jeremy. "Premera, Anthem Data Breaches Linked by Similar Hacking Tactics." CSO Online. CSO Media, Inc, 18 Mar. 2015. Web. 25 Sept. 2015.
Thank you! Questions?