Health insurer Premera Blue Cross has brought on Edelman to aid with its response to a cyberattack that could affect 11 million customers dating back to 2002.
Premera acknowledged the breach on Tuesday, noting that compromised data includes financial and medical information. The attack started last May but was only discovered in January.
Individuals affected include current and former members, employer customers, brokers who sell Premera products, healthcare providers, and vendors.
Eric Earling, Premera’s VP of communications, confirmed that the company started working with Edelman several weeks ago.
"National news headlines have been clear this is becoming a serious topic for both the public and private sector when it comes to cyber security," said Earling. "So it has been helpful to have Edelman’s expertise and counsel on specific issues related to data security."
He explained that the company has launched a comprehensive comms response to the hack, stressing the message that the crisis is Premera’s burden to bear, not that of individuals affected by it.
To back this up, Premera set up a microsite where customers can sign up for two free years of credit monitoring, identity protection services, and identity theft insurance.
The health insurer also created internal and external videos, fronted by Premera president and CEO Jeff Roe, and posted links on its social media channels to a FAQ page about the breach.
Some news outlets have criticized Premera for taking so long to tell anyone about the hack. Earling explained that experts advised the company to hold back on its announcement until its IT systems were cleansed and secured.
"An announcement made before systems are secured can result in cyberattackers engaging in more malicious activity, which can threaten business operations and put personal information at greater risk," he said.
Premera has clear evidence that cyberattackers had unauthorized access to its IT systems. Earling noted that no information has been removed from Premera’s systems or used inappropriately.
"We might have made the announcement earlier had there been any removal of information from our systems," he added.
Going forward, Earling said Premera is taking steps to further enhance the security of its IT systems.
Last month, health insurer Anthem also reported a cyberattack, which could go down as the largest data breach ever acknowledged by a healthcare company, affecting as many as 80 million people.
Ketchum, Anthem’s AOR, is providing the health insurance giant with subject matter experts and advising the company on best practices, Kristin Binns, VP of PR at the insurer, told PRWeek at the time.
The health insurers’ breaches follow a high-profile cyberattack on Sony Pictures Entertainment last year, for which authorities have blamed North Korean hackers. That incident was connected to the studio’s film The Interview, which comically depicted the assassination of dictator Kim Jong Un.
Retailers are also among the best-known victims of cyberattacks. Target acknowledged that the credit- and debit-card data of 40 million customers was exposed, as was a second batch with the personal information of 70 million people, during the 2013 holiday season.
Burson-Marsteller helped Target respond to the data breach.