Have you had Premera Blue Cross health insurance or otherwise been a Premera customer since 2002?
If so, your personal information may have been hacked and you may have been exposed to the risk of identity theft.
Pfau Cochran Vertetis Amala PLLC is using the class action lawsuit to seek all available remedies to help protect victims in the future. Premera’s offer of 2 years of credit monitoring is a start, but it doesn’t go nearly far enough. One of the things we’ll be seeking in the lawsuit is lifetime credit monitoring for all victims of this data breach.
11 Million Premera Members Potentially Exposed by Data Breach
Premera Blue Cross is a health insurance company headquartered in Mountlake Terrace, WA.
Premera insures millions of customers across the Pacific Northwest through individual and group (for example, employer provided) health insurance plans.
On March 17, 2015, Premera announced that its systems were hacked in a “sophisticated cyberattack,” potentially exposing the information of up to 11 million Premera customers. The potentially exposed information includes customers’ full names; Social Security numbers; bank account information; dates of birth; addresses; email addresses; telephone numbers; and claims information, including clinical information.
The attack also affected the systems of Premera Blue Cross Blue Shield of Alaska and Premera’s “affiliate brands,” Vivacity, Connexion Insurance Solutions, LifeWise Health Plan of Washington, LifeWise Health Plan of Oregon, LifeWise Assurance Company and LifeWise Health Plan of Arizona.
The attack happened May 5, 2014, but Premera did not have the security systems in place to discover the breach until January 29, 2015. This likely means that the hackers had access to the above information for more than 8 months.
Federal Auditors Warned Premera Blue Cross About Security Before the Breach
Federal Auditors Inspected Premera Blue Cross in January 2014, and we have the Report
PCVA has obtained a copy of the Office of Personnel Management’s report of the audit of Premera’s systems. It lists 10 “opportunities for improvement” in Premera’s access controls. Of note to us were the following:
Failure to implement software patches in a timely manner
Failure to promptly install important updates increases the risk that vulnerabilities will not be remediated and sensitive data could be breached.
The results of the vulnerability scans indicated that several servers contained noncurrent software applications that were no longer supported by the vendors and have known security vulnerabilities.
…Failure to promptly remove outdated software increases the risk of a successful malicious attack on the information system.
Insecure Operating System Configuration
The results of the vulnerability scans also indicated that several servers contained insecure configurations that could allow hackers or unprivileged users to insert code that would result in privilege escalation. The escalated privileges could grant the hackers unauthorized access to sensitive and proprietary information.
You can download a copy of the full Audit Report by clicking here: Audit of Information Systems General and Application Controls at Premera Blue Cross (7MB PDF)
Anyone who provided information to Premera since 2002 at risk
Premera has stated that the information in its systems dated back to 2002.
This data consisted of information provided by:
- Premera applicants
- Premera subscribers
- Premera Blue Cross Blue Shield of Alaska applicants and subscribers
- Vivacity applicants, customers, and members
- Connexion applicants, customers, and members
- Individuals “doing business” with Premera
- Members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska
If you fall into any of the above categories, your personal information is at risk. Premera has stated that it has begun sending letters to affected individuals and that those letters should be received by April 20.
Data breach poses a real risk of identity theft
The types of information potentially exposed during the Premera data breach are the virtual keys to your identity. With this information, hackers can wreak havoc in your life. Your tax return can be stolen, or subverted by a hacker with your Social Security number and address. Your bank’s customer service center may authenticate “you” by your address, date of birth, and a few digits of your social security number. Someone can file for unemployment in your name, causing a big headache for you and your boss. Of course, there’s the old standby of using your information to open new credit accounts and racking up huge balances that will affect your credit score.
Do I have a legal right to protect myself?
Violation of Numerous Laws and Regulations
Numerous federal laws and regulations require health insurers like Premera to utilize the strictest measures possible to protect the personal information of its applicants and subscribers. We believe that the data breach in and of itself is a clear violation of these laws and regulations.
Additionally, a recent Seattle Times article revealed that federal auditors warned Premera of its vulnerability to hacking three weeks before the data breach happened. Two weeks before the breach occurred, those federal auditors gave Premera a list of findings and ten specific recommendations for improving its cybersecurity. Premera, however, did not respond to these findings and recommendations until June 30, 2014, almost two months after the breach. And Premera did not even discover the breach until January 29 of this year.
Simply put, Premera knew this attack might happen and what it could do to better secure its systems. However, it failed to implement those measures promptly and allowed hackers to access its systems for up to eight months. Under these straightforward facts, we believe Premera may be liable to you for any unauthorized access or use of your personal information. That is why we have filed a class action lawsuit on your behalf.
Premera Data Breach in the News
Why choose Pfau Cochran Vertetis Amala PLLC?
Class Action Lawyers with a Proven Record
Our law firm has litigated against huge corporations in the health care industry and brought complex class action lawsuits on behalf of thousands of wronged individuals. Most importantly, our law firm has a proven track record of highly successful results in these class action lawsuits, such as securing a payment of $85,000,000 – one of the largest jury verdicts ever against the State of Washington – to thousands of in-home care providers cheated out of wages by the State and a $7,500,000 payment to thousands of victims of fraudulent medical bill collections.
Whether this class action goes to trial or settles, we know how take on the health care industry, and we know how to win. And, with our law firm’s cutting-edge technology, we are available to you 24/7.
If you believe your personal and medical information has been exposed or your identity stolen as a result of the Premera hack, contact us for a free, confidential consultation at 1-800-349-PCVA (7282) or by filling out the contact form below.