On March 17, we announced that Premera was the victim of a sophisticated cyberattack. Since that time we have spoken to both individuals and organizations across the Pacific Northwest to both answer your questions and share some of the things we have learned in responding to this attack.
In today's Puget Sound Business Journal, Premera CEO Jeff Roe talks about Premera's response to the cyberattack, including our decision to wait until we had secured our systems before informing members about the attack.
Ultimately, said Roe, "securing our IT systems was the most prudent way to prevent significant harm to our customers, by both protecting their personal information and our ability to serve them as a business."
Other cybersecurity experts, such as Stroz Friedberg, also agree it's essential for organizations affected by cyberattacks to complete their investigations and put measures in place to protect their customers before announcing. Stroz Friedberg CEO Eric Friedberg said earlier this month, "Consider what happens if intruders are still in the system when notification is made. They've just been alerted to step up their game, steal more consumer data, install back doors, and delete evidence. "
As President Obama has acknowledged, cybersecurity is a national concern, and Premera is just one of a number of large organizations who have been targeted over the last two years. We plan to share the lessons we have learned and work with others who want to address the challenge that this issue presents to organizations and individuals across our country.