An insurance regulator criticized Premera Blue Cross on Tuesday for apparently waiting six weeks to notify his office of a significant data breach.
Washington Insurance Commissioner Mike Kreidler expressed concern about the gap of time between the discovery of the hack — which exposed information for 11 million people — and when the firm reported it to state authorities.
{mosads}“I understand that the company was working closely with the FBI and cyberattack experts to clean their system of the infection,” Kreidler said in a statement.
“Premera has assured me that there is no evidence to date that any information was removed from their system or that any data has been used.”
Primera Blue Cross, which primarily serves customers in Washington state and Alaska, revealed Tuesday that hackers gained accessed to sensitive data including Social Security numbers and bank account information.
The company discovered the attack on Jan. 29 but traced the original intrusion back to May 5, 2014.
The breach is the second in as many months in the health insurance world. Anthem, the nation’s second largest medical insurer, was hit by a cyberattack last month that compromised information for 80 million people.
Kreisler said he will ask all insurers that operate in Washington state to review their cybersecurity policies.