So far, however, Premera has seen no signs that such data has been used “inappropriately,” the company said in a statement today.
Nearly seven weeks ago, Premera uncovered “a sophisticated attack to gain unauthorized access” to its systems, and the company later realized the attack was actually first launched on their systems in May 2014, according to the statement. Premera immediately notified the FBI and enlisted a leading cybersecurity firm, Mandiant, to help remove “infection” created by the attack, the statement added.
The FBI applauded Premera for “quickly notifying” the U.S. government, saying the company’s response “is a model for other companies facing cyber intrusions, as rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence and work with a company's incident responders to help recover their networks.”
“Cybercrime remains a significant threat and the FBI will continue to devote substantial resources and efforts to bringing cyber criminals to justice,” FBI spokesman Joshua Campbell said in a statement.
Premera is associated with Blue Cross Blue Shield. According to the company, the intrusion affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions.