Rochester, NY-based Excellus Bluecross BlueShield (BCBS) and affiliate Lifetime Healthcare Companies (LTHC) have announced that they were breached back in December of 2013.

The breach puts 10.5 million records in jeopardy. It is not known if personal data was compromised, but the company and related companies are contacting members that the breach could have affected the names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.

Excellus CEO Christopher Booth said: "The investigation has not determined that any such data was removed from our systems. We also have no evidence to date that such data has been used inappropriately.”

The incident affects about seven million members, patients and other individuals who have done business with a variety of Excellus BCBS plans. It also affects about 3.5 million members, patients and others who participate with Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies, and Univera.

All impacted individuals are being notified and offered two free years of identity theft protection and credit monitoring services.

An FAQ posted to the Excellus BCBS website said: We have moved quickly to close the vulnerability, remediate our IT systems and to strengthen and enhance the security of our IT systems moving forward. Our data was encrypted, but the attackers gained unauthorized administrative access to our systems, therefore allowing them to potentially access personal information.”

The FBI has been alerted and are investigating.

Source: SCMagazine