Premera Blue Cross, a health insurer based in the Pacific Northwest, says it was the victim of a cyberattack that could affect 11 million people.

The company says hackers gained access to its information technology systems. The breach could have exposed members’ information including names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers, member ID numbers and bank account information.

It says claims information, including clinical information as well as the personal information of people who did business with Premera, could also have been exposed.

The Mountlake Terrace, Washington, company says it has not found evidence that data was removed from its systems or that customer information has been used inappropriately.

The attack occurred May 5 and Premera discovered it Jan. 29. Washington State Insurance Commissioner Mike Kreidler released this statement yesterday.

Premera notified me this morning about a cyberattack affecting more than 6 million of its Washington customers and assured me they are taking all necessary steps to alert impacted consumers and to protect their confidential information. They also committed to take all necessary steps to bolster their security systems against future attacks.

I shared my immediate concern that consumers be notified as soon as possible about this data breach and that Premera make all resources available to protect consumers’ personal data.

I’m concerned that while Premera learned of this attack in January, it took approximately six weeks to notify my office. I understand that the company was working closely with the FBI and cyberattack experts to clean their system of the infection. Premera has assured me that there is no evidence to date that any information was removed from their system or that any data has been used.

The company described the steps it is taking to notify policyholders and to set up credit monitoring for everyone impacted. We will be closely monitoring the company’s response including:

  • Reviewing the notices to consumers about the steps the company is providing to protect their personal data.
  • Ensuring the company is taking appropriate steps to protect consumers’ personal data.
  • Getting updated progress reports on their communication efforts to affected consumers.
  • Examining all steps the company is taking to bolster its security system.

I urge all consumers who receive notice from Premera Blue Cross or LifeWise about this cyberattack to review it carefully and follow all steps outlined to ensure they’re protected. Additional information can be found at www.premeraupdate.com

Insurance regulators across the country are on high alert given the recent data breach at Anthem Blue Cross and Blue Shield and are working closely to review what occurred and will be looking further into Anthem’s past practices.

In light of these recent attacks, I will be requesting that all insurers doing business in Washington state review their own cybersecurity and take appropriate measures to protect their enrollees’ personal data.