Dive Brief:
- Premera--which revealed this week that a cyberattack accessed its information for 11 million members--had received an audit three weeks before it was breached that warned of numerous security issues.
- The audit was provided by the U.S. Office of Personnel Management's Office of the Inspector General and was given to Premera on April 18, 2014. Premera responded that it planned to resolve its security shortcomings by Dec. 31, 2014 but noted some disagreements with the OPM's recommendations.
- Premera first was hacked May 5, 2014, but did not realize it until Jan. 29.
Dive Insight:
The dates suggest that while Premera may have become aware of its vulnerabilities in advance of the breach, it was likely too close to have allowed them to prevent the attack. However, it remains disturbing that the breach went undetected for so long even though the company had been warned about its weaknesses.
The incident may serve as an example that those companies with weaknesses should focus on monitoring their systems as much as shoring up their security.