Report Indicates Premera Knew of Vulnerabilities Before Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report Indicates Premera Knew of Vulnerabilities Before Breach

March 19, 2015
by Gabriel Perna
| Reprints

A government agency warned health insurer Premera that its data protection practices were not up to industry standards right before it was victimized by a major cyber attack.

The report, from the U.S. Office of Personnel Management's Office of the Inspector General, was released on Apr. 17, 2014. One month later, Premera was a victim of a cyber attack that affected up to 11 million of its customers, the Mountlake Terrace, Wash.-based company revealed this week. The company had discovered the breach in late January.

The report details Premera’s lack of thorough network security controls, saying the company’s patches were not being implemented in a timely manner and there had been no methodology to ensure unsupported out-of-date software is not utilized; and it had an insecure server configuration. Importantly, the authors said that its vulnerability scan revealed that several servers contained insecure configurations that could allow hackers access to sensitive information. Premera promised to “remediate” that last one by the end of 2014.

Furthermore, the authors of the report noted the physical access controls to the Premera’s data center could have been improved and lack of compliance with its password policy. It also said that Premera’s disaster recovery testing planning methods could be improved, which the insurer disagreed with in its response.

In an interview with The Seattle Times, a spokesperson for the company said the concerns outlined in the audit and the hack were separate issues.

Premera is the second major payer to be the victim of a cyber attack. Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems in February that exposed the personal data of approximately 80 million customers.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.