Oregon Insurance Division Announces Investigation into LifeWise Data Breach

Tuesday, March 24, 2015

GoLocalPDX News Team

The Oregon Insurance Division will participate in a multi-state investigation of LifeWise Health Plan of Oregon and its parent company Premera Blue Cross.

The investigation follows LifeWise's announcement last week that a cyber attack exposed the personal identification of 250,000 Oregonians to unauthorized access. The information exposed included:

Name
Date of birth
Social Security number
Mailing address
Email address
Telephone number
Member identification number
Bank account information
Claims information, including clinical information

"Oregon takes the protection of personal identifying information very seriously and this investigation will closely scrutinize the data security practices of LifeWise," said Oregon Insurance Commissioner Laura Cali. "Oregon will be looking at how LifeWise learned about the breach, what process they used to identify affected consumers, and the adequacy of the consumer protections offered to those affected."

Washington will supervise the investigation, with Oregon and Alaska taking lead roles. The exact scope of the investigation is still under discussion, and participating states will likely contract with a cybersecurity firm to help investigate.

Consumers who believe they may be affected by the LifeWise security breach can find information about protecting their identities at www.lifewiseupdate.com.

Related Slideshow: Recent Data Breaches in Oregon

Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:

Prev Next

The Oregon Department of Administrative Services

March 20, 2015

The department's meta data, including time stamps the size of flies, was disclosed on Friday, March 20, by an unidentified hacker.

The attack was detected by intrusion software, and investigated by the department, but no personally identifying information was compromise

Prev Next

LifeWise Health Plan of Oregon

March, 2015

A cyber attack on LifeWise and it's parent company Premera Blue Cross exposed the personal identification of 250,000 Oregonians to unauthorized access.

Prev Next

Oregon Employment Department

Date: Oct. 10, 2014

Location: Portland

Records Compromised: 820,000

A database containing personal information from people searching for jobs through WorkSource Oregon was breached.

Prev Next

Made in Oregon

Date: Dec. 3, 2013

Location: Portland

Records Compromised: 1,700

The company’s website, with credit card information, may have been accessed by unauthorized parties.

Prev Next

Samaritan Family Medicine Resident Clinic

Date: Nov. 4, 2013

Location: Corvallis

Records Compromised: 1,222

Un-shredded medical documents were found in a dumpster near the offices. Prescriptions, diagnoses and sensitive medical information were on the documents.

Prev Next

Bonneville Power Administration

Date: Aug. 27, 2013

Location: Portland

Records Compromised: 3,100

BPA employee names, Social Security numbers, and dates of birth were distributed by a cyber attack.

Prev Next

Oregon Health & Science University

Date: July 29, 2013

Location: Portland

Records Compromised: 3,000

OHSU patient information was placed on Google’s cloud computing system. OHSU did not have a contract with Google, so the information could have been used for promotional purposes due to the storage error.

Prev Next

Oregon State University

Date: July 29, 2012

Location: Oregon State University

Records Compromised: 21,000

During a software upgrade, an unnamed check printing vender copied data that included student and employee names, IDs, check numbers, check amounts, and possibly some Social Security numbers.

Prev Next

Eugene School District 4J

Date: June 11, 2012

Location: Eugene

Records Compromised: 16,000

An unauthorized source accessed confidential files containing student personal information, such as Social Security numbers, dates of birth, and phone numbers.