This breach/attack affects Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, Vivacity and Connexion Insurance Solutions.  Connexion is interesting as it’s also a private insurance exchange that sells health insurance. Connexion wantsimage developers to write apps for them too and even has tabs on the site where you can “upload apps” and I would say for now they might have those shut down.  Connexion also has a referral fee to pay out to businesses for referrals to them.  So hey just the kind of companies you want to spend your time writing apps for right? 

Insurance Carriers and Brokers Are Big Data Players With Data Mining, Selling and Analytics–Need to License All Data Sellers So We Know Who The Big Profiteers Are..

As I mentioned before we don’t know exactly what these hackers have in mind but there’s been a bit of ruckus with the Dark Web sites that sell stolen data and I keep telling folks that eventually their data will be repackaged and sold as legit.  It’s not very hard for hackers with some basic SQL skills to do that and with a few queries there would be no need to mention anything about Blue Cross as the data can be sold to many other entities.  Keep an eye open on sites like this as this is where repackaged data will show up (link below) at sites that do data exchanges for money.  Everyone seems to be ignoring this fact and it’s one to not be passed over as it’s not that hard for the crooks to go this route.  It’s just like counterfeit drugs that get into the system, except data is easier to disguise as legit, again with some skilled hackers out there. 

“The Data Exchange” Buy and Sell Data on Self Service Website, One More Reason to Index and License Data Sellers-This Appears to be Open Game for Selling Repackaged Personal Data-No Privacy At All

It sounds like this time they got into claims and there’s a wealth of information contained there for sure.  Again we don’t know what the hackers have in mind to monetize the the stolen data but that’s what they are in it for.  You know it’s just too darn bad that insurers spend millions on collecting data for sale that has nothing to do with giving medical care and who knows if any of that, like credit card transaction data, consumer scoring numbers, etc. was taken.  If insurers would just spend a bit more on security and cut back on the data selling, maybe things could improve.

Health Insurance Business Is Driving Itself Off a Cliff & Doesn’t Know When to Stop With Collecting, Analyzing and Processing Non Relevant Data With Little Or No Impact On Giving Good Care..
Health Insurance Companies Providing Charge Cards And/Or Coupons For Healthy Foods–More Data To Collect About You And Potentially Repackage and Sell For A Profit…

I’ll repeat this again and ask for some contributions as we need to index and license All data sellers..who are they?  Will your data show up for sale on legit data exchange selling sites?  It certainly could.  Again the hackers could lie low and wait a few months before their reformatted and repackaged data shows up.  It’s already being done and we can’t identify much of it as we don’t license any of these people who strip consumer dignity and sell our personal data. 

Here’s the campaign and there’s a couple interesting updates too on credit cards and how you might have to pay for some news one day too.  BD

Campaign to Create Transparency with Consumer Data Selling-Index and License all Data Sellers

BOSTON — Health insurer Premera Blue Cross said on Tuesday it was a victim of a cyberattack that may have exposed medical data and financial information of 11 million customers in the latest serious breach disclosed by a health-care company.

It said the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Securitynumbers, birth dates and other data in an attack that began in May 2014.

It is the largest breach reported to date involving patient medical information, according to Dave Kennedy, an expert in health care security who is chief executive of TrustedSEC.

The breach was uncovered on Jan. 29, the day that insurer Anthem disclosed a cyberattack involving records of some 79 million members in Blue Cross Blue Shield plans across the country.

A Premera spokesman, Eric Earling, said the two attacks were unrelated and that his company independently identified its breach.


Post a Comment