Investigation Launched into Excellus BlueCross BlueShield Data Breach

An investigation is being launched into the massive breach of the computer network of health insurance giant Excellus Bluecross BlueShield, after the cyber attack was not discovered for nearly two years.

The first breach into the Excellus systems is believed to have taken place in December of 2013, but news reports indicate the company did not discover the breach until August of this year — and it wasn't reported to the public until September, more than a month later.

Get LifeLock protection now.

News reports indicate the records of roughly 10.5 million Excellus customers may have been accessed in the cyber attack — and that number could still grow. Further exploration indicates customers of other BlueCross and BlueShield plans may also be at risk, including customers of Lifetime Benefit Solutions, Lifetime Health Medical Group, Lifetime Care, The MedAmerica Companies and Universal Healthcare, according to Tech Times.

Most of the customers are believed to be from upstate New York, near the company's headquarters in Rochester, though the company covers customers all over the country.

The Federal Bureau of Investigation as well as the law firm Keller Rohrback LLP are now investigating the breach, Tech Times reports.

Breaches of healthcare and medical-related companies are up 125 percent since 2010, making them the leading cause of identity theft, a new study by the Ponemon Institute indicates. A recent report by the firm KPMG indicates 81 percent of all healthcare insurers reported experiencing some sort of data breach in the past two years alone.

Health and medical-related companies are data gold mines for hackers, based on the wide variety of personally identifiable information they contain. The Excellus breach reportedly contained clients' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information, company representatives told USA Today.

An Excellus spokesperson told Tech Times the company takes the breach very seriously. After two similar high-profile breaches of healthcare companies Anthem and Premera took place recently, Excellus hired cyber security firm Mandiant to do a complete forensic overhaul of its systems earlier this year — which is how the breach was discovered, USA Today explains.

Fortunately, Excellus announced last week that “no inappropriate action" involving any of its clients' personal information has been discovered, to date. The company also announced it is offering two years of identity theft protection and monitoring services to all affected customers as a precaution.

More information about the Excellus data breach can be found on a special Web page created by the company, at

4 Million Members and Counting


"I almost lost my job because someone used my driver’s license and received 8 violations."
- Casey S.


"All of my personal information, even my social security card, was taken."- Jamie A.

It only takes minutes to sign up.

Start Your Membership