Washington, Oregon and Alaska are launching a multi-state examination of Mountlake Terrace, Wash.-based Premera Blue Cross, which earlier this month reported a cyberattack affecting 11 million customers, employees and business affiliates.
Premera reportedly discovered the attack Jan. 29, and reported it March 17. Investigations into the cyberattack indicate the initial hack occurred May 5, 2014. Additionally, a March 2014 audit of Premera's application controls found weaknesses in the network security, suggesting the payer knew of vulnerabilities two months before the cyberattack.
The states' examination, to be led by Washington state, will be a market conduct exam, which are on-site reviews of an insurer's financial books, records and transactions and how this information relates to the insurer's activities in the marketplace, according to a news release.
Residents of these three states all were impacted by the breach.
The details of the exam are still being discussed, but could include all cybersecurity aspects of the breach, Premera's response to the breach and the financial impact of the breach. States involved in the exam will work with a cybersecurity firm to determine when and how data was breached, what data was compromised, how the attack was able to succeed and whether Premera has taken adequate steps to prevent future attacks, according to a release.
The final report will be available to the public, but there is no determined completion data for the exam.
More articles on data breaches:
The cost of a healthcare data breach
Advantage Dental in Oregon notifies more than 151,000 of data breach
After data breaches, states reform encryption laws