Two more insurance companies, Premera Blue Cross and Lifewise, joined the club that no one wants to be a member of and announced that they were both breached (see here and here). Premera said that 11 million records were hacked and Lifewise lost 250,000. Both said the breaches started in May of last year (2014) and discovered in January of this year (2015), so the hackers were in there for about 9 months before they were detected.
As Rep Will Hurd (R-TX) said (see post), the goal now is going to be detection, containment and assessment of damages. 9 months is a long time for hackers to be roaming around in your system.
Premera, which operates under a number of brands, and Lifewise both say that in addition to names, addresses, social security numbers, date of birth and email addresses, bank account numbers, claim information and clinical data were also taken, making this attack more problematic than the Anthem breach, where no claims or clinical data were taken. The update sites both include a message from Jeff Roe, President and CEO, so I assume these two companies are related.
This puts the numbers for medical data breaches for just the first quarter at 100 million records. And we still have 9 months to go.