FireEye is heading the investigation, incident started in 2013 Excellus BlueCross BlueShield, a health insurer in upstate New York, said on Wednesday that its systems and those located at affiliates had been compromised, potentially exposing the personal information of nearly ten million members.The breach was discovered on August 5, and additional investigation revealed that the incident started around Christmas in 2013. Excellus discovered the breach after hiring FireEye to assess their network.The company had been following the security problems at other BlueCross BlueShield providers, as well as the issues at Anthem, and felt an assessment was in order. It wasn’t long before teams from FireEye had detected problems.In a statement, Excellus said that the person(s) responsible for the attach might have gained access to personal information, including “name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.” “The most compelling element of this episode is the 20 months it took Excellus to discover the breach and put a stop to it,” said Jeff Hill, Channel Marketing Manager for STEALTHbits, in a statement.“Twenty months exceeds the average breach discovery time – about 200 days – but in Excellus’ defense, it beats the over 5 years hackers ran wild on the newswire services’ networks before being discovered by the SEC, not internal IT systems. “Gone are the days of smash-and-grab operations executed by impetuous, immature hackers. Of the newest weapons and tactics being deployed by today’s attackers, patience may be the most dangerous development.”Those who have had their information exposed will be contacted by postal letter. However, Excellus stressed that while the network was breached, and there is evidence of such, there is no evidence that any personal information was exported from the network.Still, out of caution, the company (through their corporate parent Lifetime Healthcare) is offering two years of credit monitoring and identity theft protection to those affected. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe