An employee at Blue Cross Blue Shield of Minnesota blew the whistle on thousands of updates to its computer system that have not been made, according to the Star Tribune.
The whistleblower said that by failing to conduct important computer system updates, the insurer has allowed 200,000 vulnerabilities to linger. The vulnerabilities have been labeled as "critical" or "severe."
In recent weeks, Blue Cross Blue Shield of Minnesota has been working to fix the vulnerabilities and reduce the likelihood of a cyberattack, according to Amy Eklund, chief information security officer at the company. Executives allegedly knew about the vulnerabilities for years.
"We certainly understand that our members expect us to protect their most sensitive data, and we want them to know that we are committed every single day to doing just that," Ms. Eklund told the Star Tribune in a statement.
Patches for most of the vulnerabilities are available.