Excellus BlueCross BlueShield data breach hits 10 million


The Excellus BlueCross BlueShield data breach is now believed to affect over 10 million of its subscribers, most of whom reside in upstate New York. 

Members of other BlueCross BlueShield plans who sought treatment at one of Excellus’ service areas may also have been affected. Subscribers of the following other affiliates may also have been affected: Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare.

The intrusion into the Excellus systems began nearly two years ago, with hackers apparently first accessing the systems on December 23, 2013. Excellus discovered the hack only a month ago, on August 5, 2015.

The company’s president and chief executive officer has confirmed that attackers may have gained unauthorized access to individuals’ information, which could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information. These types of critically important information are used to commit fraud or identity theft.

“Given the highly confidential and personal nature of medical information, health care consumers have a right to expect that their information will be kept safe from criminals who can use this data to commit identity theft and fraud,” said Cari Laufenberg, a member of attorney Keller Rohrback’s complex litigation group, which is investigating the breach.

Excellus, BlueCross BlueShield, Cari Laufenberg, US