Hackers might have gained access to the sensitive personal information of tens of thousands of federal employees in the Premera Blue Cross breach, including medical data.
The nonprofit health insurance company, based in Washington state, maintains an active contract with the Office of Personnel Management (OPM) to provide medical coverage to federal workers.
The contract was discussed in a security audit conducted just prior to the breach, in which OPM found that Premera was less than timely in implementing critical security patches.
It was also confirmed Thursday by Premera spokesman Eric Earling, who said there are about 130,000 federal workers currently on the company’s rolls in Washington state and Alaska.
Premera revealed this week that the information of 11 million current and former customers might have been exposed to hackers during a cyberattack on May 5 of last year.
The data exposed to intruders includes bank account numbers for some individuals, as well as names, Social Security numbers and addresses.
The breach is notable because it might have also exposed claims data, which would reveal details about the health status and medical care of individual patients.
Earling said there is no evidence that information was taken from the system.
A spokesperson for OPM said the agency is monitoring the investigation into the breach.
“The U.S. Office of Personnel Management (OPM) was notified of the data breach at Premera Blue Cross on Tuesday, March 17, and will remain in contact with the Federal Bureau of Investigation and the company as their investigation into the incident continues,” said the spokesperson in a statement.
“OPM also will continue to monitor the company’s efforts to mitigate information security vulnerabilities, including those identified by OPM Office of the Inspector General. The security of the sensitive information provided to OPM and held in contractor systems is a responsibility we take very seriously.”
There are many unanswered questions about the breach, but the potential exposure of health information is a crucial point, as those details could potentially be used to blackmail or target individuals.
Some experts theorize that China is breaching U.S. health insurance companies — including Anthem, which disclosed a major intrusion last month — to harvest information for use in espionage. The absence of Anthem and Premera data on the international black market supports this idea, they argue.
Premera provides medical coverage for several major corporations, including Microsoft and Starbucks.
The breach could affect policyholders from as far back as 2002, as well as Blue Cross and Blue Shield customers who sought medical care in Washington state or Alaska, Premera said this week.
— Updated at 1:39 p.m.