Tustin, CA - The most interesting part of this BlueCross BlueShield announcement is not that they found the breach on August 5th. What is interesting when you read further into the announcement is that they say “Our investigation further revealed that the initial attack occurred on December 23, 2013.” That is well over 20 months ago. Who really knows what was going on for 20 months?
Alvaka Networks regularly does Lunch and Learns on the topic of cyber security as well as regular consultations with clients. We regularly warn clients that they have likely been breached and they just don’t know it. BlueCross BlueShield is a prime example.
Periodic review of your security practices, your security policy, user training and log review amongst other practices are in order. If you have not done those things recently let this serve as a wake up call.