Rochester, New York-based Excellus BlueCross BlueShield has become the latest health insurer to fall victim to a cyberattack, the company announced Wednesday.
The breach, which the insurer says it uncovered Aug. 5, could put 10 million of its members' personal records at risk, according to the Associated Press. Excellus and its affiliates waited to make the breach public while they worked with the FBI to "close the vulnerability" and determine who may have been affected, according to the insurer.
The investigation revealed that an initial attack on its IT systems occurred as far back as Dec. 23, 2013, the company says. Excellus began to mail letters to the affected individuals Wednesday, and plans to offer its members two years of free identity theft protection. Information compromised could include names, dates of birth, Social Security numbers, financial account information, claims information and more.
Excellus' other affected affiliates include Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare, the AP reports.
"We want you to know that protecting your information is incredibly important to us, as is helping you through this situation with the information and support you need," CEO Christopher C. Booth wrote in a message to members as part of the breach announcement.
Excellus is not the first Blues affiliate to suffer a breach. A massive cyberattack on fellow insurer Anthem in February compromised the information of 80 million customers. Premera Blue Cross and CareFirst also have experienced attacks. In response, the national Blue Cross Blue Shield Association (BCBSA) announced in July that it will offer all 106 million of its members identity protection starting next January.
Excellus notes that its breach is not related to the Anthem, Premera or CareFirst attacks.