About the Cyberattack

  • On January 29, 2015, Premera discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. As part of our own investigation, we notified the FBI and are coordinating with the Bureau's investigation into this attack.

    We worked closely with Mandiant, one of the world's leading cybersecurity firms, to conduct our investigation and to remove the infection created by the attack on our IT systems. Along with steps we took to cleanse our IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of our IT systems moving forward.

    This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands, Vivacity and Connexion Insurance Solutions, Inc. Our investigation determined that the attackers may have gained unauthorized access to applicants and members' information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.

    Some individuals that have done business with us and provided us with their email address, personal bank account number or social security number were also affected. The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.

    We sincerely regret the frustration and concern this incident may cause. The security of our members' personal information is a top priority.

    Frequently asked questions

    Q: What happened?

    Premera has been the target of a sophisticated cyberattack that gained unauthorized access to our IT systems. Our investigation has not determined that any data was removed from our systems. To date there is no evidence that any data has been used inappropriately. The security of our members' personal information is a top priority, and we are taking proactive steps to address this issue.

    Q: Has my information been accessed?

    Our investigation determined that attackers may have gained unauthorized access to personal information, but we have not determined that any information was removed from our system. We understand that this may be concerning to those involved and mailed letters to everyone whose information was affected by this attack.

    Q: What information may have been accessed?

    Depending on your relationship with Premera, we may hold different types of information about you. The information that may have been accessed could include your name, address, email address, telephone number, date of birth, Social Security number, member identification number, medical claims information and in some cases, bank account information. Premera does not store credit card information for members, so your credit card information is not affected by this attack. Our investigation has not determined that any information was removed from our systems and there is no evidence to date that any such information has been used inappropriately.

    Q: What else can I do to protect my personal information?

    Premera will not email you or make unsolicited phone calls to you about this attack. You should not provide your personal information in response to an email or unsolicited phone call that claims to be related to this attack. You should review your Explanation of Benefits (EOB) statements when you receive them. If you see services on your EOB that you did not obtain, please contact us using the number on the back of your ID card.

    Q: Did this attack affect all Premera lines of business?

    This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands, Vivacity and Connexion Insurance Solutions, Inc.

    Q: Was the data accessed in the cyberattack encrypted?

    Our data was encrypted, but the attackers gained unauthorized access to our systems, therefore allowing them to potentially access personal information.