HITRUST C3 Alert: Premera Cyber-Related Breach

It was announced yesterday that Premera Blue Cross had been the victim of a cyber-related breach.

Prior to yesterday, the HITRUST Cyber Threat XChange (CTX) had published multiple threat reports including threat indicators of suspicious activity associated with Premera (see HITRUST CTX TIP Number 92: https://hitrustctx.threatstream.com/tip/92). This HITRUST CTX threat report was posted on February 20 and last modified today, March 18th, 2015. As indicators of compromise (IOCs) became available, HITRUST immediately shared them through the CTX.

In addition, HITRUST, in conjunction with ThreatStream, continues to work with intelligence sources related to the suspicious domain (prennera.com), which is linked to a Deep Panda phishing attack method also leveraged in the recent Anthem breach. Early speculation is that this breach is also tied to threat actor Deep Panda and that the initial incident may date back as far as May 2014.

HITRUST is continuing to monitor the Premera situation and will continue to distribute information as it becomes available, and to work with the industry to disseminate any findings and lessons learned that can help other organizations better prepare for and respond to these types of cyber incidents.

These efforts are all an important part of the ongoing HITRUST information sharing process. The HITRUST Threat Intelligence and Incident Coordination Center (C3) has been sharing threat intelligence on a regular basis through the automated HITRUST CTX, the most active and comprehensive exchange in the healthcare industry. HITRUST, as a federally recognized ISAO, also shares IOCs with HHS, DHS, and U.S. CERT (which also shares these with other industry ISAOs).

We encourage organizations to leverage the HITRUST CSF, participate in the CyberRX program and HITRUST monthly cyber threat briefings to better prepare and respond to cyber-related incidents. More information on these programs can be found at http://hitrustalliance.net/cyberrx/, and at http://hitrustalliance.net/cyber-threat-briefings/