ROCHESTER, N.Y., Sept. 10 (UPI) -- New York health insurer Excellus Blue Cross Blue Shield said Wednesday it experienced a data hack that could compromise the personal information of 10.5 million patients.
The company said its computer system was the target of a complex attack in December 2013 in which the data of up to 7 million customers and 3.5 million others through its parent company, Lifetime Healthcare Companies, may have been accessed.
There was no proof the hackers accessed or used the information that was compromised. Hackers had access to full names, birth dates, Social Security numbers, mailing addresses, finances and claims.
Excellus said it is collaborating with cybersecurity firm Mandiant and offering its customers up to two years of free identity theft protection.
Excellus is the largest health insurer in the Rochester, N.Y., region with customers in multiple counties across New York. Other affiliates believed to have been breached include MedAmerica and Univera Healthcare.
An attack against Blue Cross Blue Shield affiliate Anthem exposed the personal information of up to 80 million individuals earlier this year.
A survey conducted by consulting firm KPMG showed that 81 percent of health firms had been breached by an attack.