After a recent attack on an Idaho health insurer, other companies are on the alert for cyberattacks.
Blue Cross of Idaho reported earlier this week that their website had been compromised by hackers in March. The attack gained access to provider payment records that included patient names, account numbers and billing codes for the procedures they had. More sensitive information, including Social Security numbers, was not compromised in the attack.
Blue Cross of Idaho vice president of communications Paul Zurlo said that the 5,600 patients who had been compromised by the attack had been contacted, along with the Federal Bureau of Investigation. Because of the ongoing investigation, the company was unable to say how many of the compromised patients live in eastern Idaho.
“We have not identified any unauthorized use of personal data and will keep close watch for illegitimate activity,” Zurlo said in a written statement.
According to Robert Culpon, hacking attempts like the one that struck Blue Cross are fairly common. Culpon works for Anderson Zurmuehler, a Montana-based business consulting company that runs cybersecurity for another insurance provider in eastern Idaho, Mountain Health Co-Op.
“Any time you’re connected to the internet, you see malicious traffic trying to get into your networks and data,” Culpon said.
The most common form of an organized attack is a phishing scam, which Curlo called a ‘socially engineered’ attempt. Hackers send an email to employees or customers of a company pretending to be from a trusted party, hoping to trick them into clicking on a link or opening a file that will compromise their computer.
To reduce the risk of one of these attacks, Mountain Health Co-op has trained the workers at their company and vendors that manage patient records to watch for and report suspicious behavior as soon as it is detected.
Mountain Health’s vice president of information technology, Donny Reichert, said the company had never had a serious hack directed at them. Even if an attempt was made to compromise their website, he believed the relevant patient records would be inaccessible on the servers of another vendor.
“We don’t have direct access to that data through our websites. I think it’s not as likely we would be compromised in the same way that Blue Cross was by an attack,” Reichert said.
Culpon advised concerned patients to use different passwords on all of their accounts to limit their chance of being compromised by an attack.