States team up to investigate Premera breach

Insurance commissioners from Washington state, Oregon and Alaska are joining together to investigate the cyberattack that compromised the information of 11 million Premera customers.

The attack against the Mountlake, Washington-based health payer initially occurred May 5, 2014, but it was not detected until Jan. 29 of this year. Information compromised may include Social Security numbers, member identification numbers, medical claims information and bank account information.

The three states will do a "market conduct examination" of the company, Washington Insurance Commissioner Michael Kreidler said in a statement this week. They will conduct on-site reviews of the payer's records and transactions, and may also look into how the breach happened, what data was compromised and the actions Premera has taken in the wake of the attack, he said.

An audit report received by Premera three weeks before its systems were breached warned of looming network security issues. The report, sent by the U.S. Office of Personnel Management's Office of the Inspector General to Premera on April 18, 2014, outlined several vulnerabilities in the systems.

The states' investigation will be done with the help of a cybersecurity firm, and once completed the report will be made available to the public. The investigation could take several months to a year, according to Kreidler.

"We take the recent cyberattack at Premera very seriously," Kreidler said. "Insurance regulators across the country are on high alert given the recent breaches both at Premera and Anthem and we will use every resource within our authority to ensure that consumers are protected and to see that insurers are responding appropriately."

To learn more:
- here's the statement