Connexion announces cyberattack
Connexion Cyber Attack
Connexion’s parent company, Premera Blue Cross, was the victim of a cyberattack. This attack also affects Connexion producers and those who have enrolled in coverage through Connexion. The security of their clients and members’ personal information, as well as the information of those with whom they do business, is a top priority for Premera and Connexion. They regret any concern this incident may cause.
The attackers gained access to Premera’s Information Technology (IT) systems and may have gained access to the personal information of their producers and members whose insurance applications were processed through Connexion.
That information could include name, date of birth, address, telephone number, email address, Social Security number, medical information and bank account information. It’s important to note that Premera’s investigation has not determined that any such data was removed from their systems. They have no evidence to date that such data has been used inappropriately.
Why is Connexion data involved?
Since Connexion is a wholly owned subsidiary of Premera, they use some of the corporate services provided by Premera. While Premera employees don’t have access to Connexion’s local area network (LAN), much of their information is stored on Premera-owned servers, and thus the cyberattack may have accessed information there.
Premera is taking three key steps to address this situation:
They’re offering everyone affected two years of free credit monitoring and identity protection services from Experian. Anyone who believes they were affected by the attack can begin signing up for those services today. No enrollment code is necessary.
Premera has notified the FBI as part of the investigation and has been coordinating its own investigation into this attack.
Premera worked with Mandiant, one of the world’s leading cybersecurity firms, to both investigate the attack and cleanse their IT system of the infection created by that attack. They’re taking additional steps to strengthen and enhance the security of their IT systems moving forward.
Some Connexion systems were spared from the cyberattack, including their agency management system (which includes myBusiness), their website, their broadcast email system and their Group Quote tool.
Where to get more information
Individuals and producers whose information may have been accessed during the attack will be notified by mail, starting March 17. Premera has set up a dedicated website, www.premeraupdate.com, where clients can get more information and details on how to sign up for two years of free credit monitoring services. There is also a dedicated call center for anyone affected by the attack: 1-800-768-5817.