Excellus BCBS still unclear on how hackers accessed systems

The fallout continues for Excellus BlueCross BlueShield, with at least 12 lawsuits filed against the health insurer and its corporate parent, Lifetime HealthCare, over the cyberattack that potentially exposed 10 million members' records, according to the Democrat and Chronicle.

Excellus announced the breach in early September, and yet the company still does not know how the attackers breached its security measures, according to the article. Excellus spokesman Jim Redmond told Democrat and Chronicle that the security consultant it hired to investigate the breach cannot produce any evidence to explain how hackers got into the company's computer systems.

"The attackers used techniques to actively hide their presence in our environment during the compromise, which included using legitimate credentials to blend in with 'normal' traffic," Redmond said.

The cyberattack on the Rochester, New York-based company was uncovered in early August, but the initial attack on its IT systems date back as far as Dec. 23, 2013, FierceHealthPayer has reported. The company has offered no detailed explanation of why it took so long to uncover what it has called a "highly sophisticated" hacker assault, the newspaper added.

Meanwhile, individuals have filed lawsuits claiming they have been victims of credit card fraud or identity theft as a result of the data breach, according to the article. A class-action lawsuit is now taking shape in federal court, although it's unclear which of the more than 10 million customers whose data was potentially comprised can be included in that legal action.

Excellus is not alone in grappling from the fallout of a cyberattack. Fellow insurers Anthem, Premera Blue Cross and CareFirst all have experienced their own breaches.

To learn more:
- read the article