Health insurer Excellus BlueCross BlueShield was recently targeted in a cyber attack. On August 5, 2015, the internet security team realized they had been hacked. They learned that data had been breached back in late 2013. About 7 million members and an additional 3.5 million from their affiliates are affected. Those impacted are being offered 2 years of credit monitoring services. Information on monitoring can be found here.

Without knowing the particulars, I can make an educated guess as to how Excellus discovered the breach, how they missed it, and how they could have avoided it. Here’s my take on it:

The internet security team is most likely not made up of dedicated personnel. They are existing network personnel who are trying to wear many hats. They most likely missed the breach because they were overworked and did not peruse their log files on an ongoing basis. Another strong possibility is that security patches for their network were missed. Missing security patches are not necessarily the fault of the workers, as the vendor may not have put out the patches in time. More than likely, however, it was overworked personnel.

Now, as for how it could have been avoided: as mentioned above, it would have been best to have a dedicated network security person, or even a team, employed. The professional or professionals would then more than likely have implemented multiple layers of protection. If one layer failed, the next layer would still provide a measure of safety. Logs and activity should have been monitored automatically and checked manually on a frequent basis.

It is also unlikely that lower security level employees are to blame, as they and their systems should have no access to continuous data streams. Manual updates made by a human being only touch one record at a time, so an entire database, for example, should not be accessible to a lower security level employee.
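The two points above (automatic log monitoring, and manual work touching one record at a time) can be combined into a simple detection. The following is an added example, not code from Excellus or from the original post: it flags any account that reads more distinct records in a short window than manual work would explain. The log format, account names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log lines (hypothetical format): timestamp user action record_id
SAMPLE_LOG = """\
2024-01-15T09:00:05 clerk_a READ member:1001
2024-01-15T09:03:40 clerk_a UPDATE member:1001
2024-01-15T09:10:12 clerk_a READ member:1002
2024-01-15T09:15:00 clerk_b READ member:2001
2024-01-15T09:15:01 clerk_b READ member:2002
2024-01-15T09:15:02 clerk_b READ member:2003
2024-01-15T09:15:03 clerk_b READ member:2004
2024-01-15T09:15:04 clerk_b READ member:2005
2024-01-15T09:15:05 clerk_b READ member:2006
malformed line that the parser must skip
"""

def parse(lines):
    """Yield (timestamp, user, record_id) for well-formed lines; skip the rest."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[3]

def bulk_access_alerts(log_text, window=timedelta(minutes=5), max_records=5):
    """Return {user: peak distinct records in any window} for users over max_records."""
    events = defaultdict(list)
    for ts, user, record in sorted(parse(log_text.splitlines())):
        events[user].append((ts, record))
    alerts = {}
    for user, evs in events.items():
        start, peak = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({rec for _, rec in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak > max_records:
            alerts[user] = peak
    return alerts

if __name__ == "__main__":
    for user, peak in bulk_access_alerts(SAMPLE_LOG).items():
        print(f"ALERT {user}: {peak} distinct records within 5 minutes")
```

In practice the threshold would be set per role from a baseline of normal activity, and an alert would trigger the manual log review the post recommends.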

If you have a business that has confidential health care information or any other sensitive data, I am available for consultation services. I will work with you in ensuring your data is locked out of the hands of hackers. Call 315-676-9096 for an appointment.