The non-profit mutual insurance organization Blue Cross of Idaho has confirmed that, in recent days, an unidentified user has been able to access its contributor portal to extract confidential information of nearly 6000 people, reported cyber forensics course specialists from the International Institute of Cyber Security (IICS).
Through a statement, the non profit insurer mentioned: “On 21 March an unauthorized user accessed the Blue Cross of Idaho provider portal; the unknown user attempted to divert a financial transaction fraudulently. The attack was detected in time and our security teams are monitoring the portal.
However, the next day, Blue Cross confirmed
that, during the incident, the attacker got access to financial documents of
some providers which even contain personal health details, the cyber forensics
course experts mentioned.
The information accessed by the unauthorized threat actors includes:
- Member
names - Membership
number - Date
of service - Name
of health care provider - Patients’
account number - Among
other data
Social Security Numbers, driver’s license, payment card details or health diagnoses of the Blue Cross members have not been compromised in this incident.
The insurer reported the incident to the U.S.
federal authorities. In addition, after an internal investigation, the
organization stated: “We believe that the attacker could have accessed
about 1% of the total records of Blue Cross of Idaho”.
Blue Cross, in conjunction with the FBI,
will maintain surveillance on the insurer’s portal in the face of the
possibility that new cyberattack will be presented, commented the cyber forensics
course experts.
So far the company has no evidence to confirm a
malicious use of the compromised information, although they have already
announced some measures for the protection of its affiliates; Blue Cross will
begin restoring the subscriber numbers of affected users, and Blue Cross also
offers potentially affected users three years of free credit online monitoring
services.
