Excellus BlueCross BlueShield, a plan covering New York, revealed Wednesday that a cyberattack to its systems exposed the personal data of more than 10 million people.

Excellus discovered the attack on Aug. 5 and learned that an initial attack occurred on Dec. 23, 2013. Attackers may have gained access to members’ and patients’ names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information, Excellus President and CEO Christopher Booth noted in a statement.

He said the attack also affects members of other BlueCross BlueShield plans who received treatment in the area of Excellus BCBS and those that do business with the group.

continue reading »