{
	"id": "15360cd6-1e2f-4e85-9f85-c4b57bc12ec1",
	"created_at": "2026-04-06T00:15:01.417602Z",
	"updated_at": "2026-04-10T13:11:36.877434Z",
	"deleted_at": null,
	"sha1_hash": "20f58e5f55b3ec957330a6a793d1899c7e7081ac",
	"title": "Feds warned Premera about security flaws before breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34023,
	"plain_text": "Feds warned Premera about security flaws before breach\r\nBy Originally published March 18, 2015 at 11:04 am Updated April 2, 2015 at 1:45 pm\r\nPublished: 2015-03-18 · Archived: 2026-04-02 12:33:06 UTC\r\nIn what the health insurer called a routine audit, federal officials found a handful of issues with Premera’s network\r\nsecurity — three weeks before a major breach first occurred.\r\nBy\r\nSeattle Times staff reporter\r\nThree weeks before hackers infiltrated Premera Blue Cross, federal auditors warned the company that its network-security procedures were inadequate.\r\nOfficials gave 10 recommendations for Premera to fix problems, saying some of the vulnerabilities could be\r\nexploited by hackers and expose sensitive information. Premera received the audit findings April 18 last year,\r\naccording to federal records.\r\nThe company disclosed Tuesday that a breach occurred May 5, potentially exposing Social Security numbers,\r\naddresses, bank-account information, medical information and more for 11 million customers.\r\nPremera didn’t respond to the audit findings until June 30 and said at the time it had made some changes and\r\nplanned to implement others before the end of 2014. The company, based in Mountlake Terrace, said it didn’t\r\ndiscover the breach until January of this year and didn’t disclose it until this week so it could secure its\r\ninformation-technology systems first.\r\nPremera spokesman Eric Earling said the audit, conducted by the U.S. Office of Personnel Management (OPM),\r\nwas routine. He said the company worked to address the issues raised and that the vulnerabilities described in the\r\naudit may not have been exploited by the hackers.\r\n“We believe the questions OPM raised in their routine audit are separate from this sophisticated cyberattack,”\r\nEarling said. 
He declined to discuss details of the hack, citing an ongoing FBI investigation.\r\nIn one part of the technology audit, federal officials conducted vulnerability scans and found Premera wasn’t\r\nimplementing critical patches and other software updates in a timely manner.\r\n“Failure to promptly install important updates increases the risk that vulnerabilities will not be remediated and\r\nsensitive data could be breached,” the auditors wrote.\r\nPremera responded to the auditors by saying it would start using procedures to properly update its software. But\r\nthe company told the audit team it believed it was in compliance when it came to managing “critical security\r\npatches.”\r\nThe auditors responded that the vulnerability scans indicated the company was not in compliance with that aspect.\r\nThey suggested Premera provide evidence that it had implemented the recommendation, although the documents\r\ndon’t say whether that occurred.\r\nThe auditors also found that several servers contained software applications so old that they were no longer\r\nsupported by the vendor and had known security problems, that servers contained “insecure configurations” that\r\ncould grant hackers access to sensitive information, and that Premera needed better physical controls to prevent\r\nunauthorized access to its data center.\r\nFederal auditors examined Premera because it is one of the insurance carriers that participates in the Federal\r\nEmployees Health Benefits Program. 
Auditors examined applications used to manage claims from federal\r\nworkers, but also the company’s larger IT infrastructure.\r\nSusan Ruge, associate counsel to the inspector general at the Office of Personnel Management, said the office is\r\nmonitoring the situation at Premera, but hasn’t determined whether the data breach will lead to any unplanned\r\naudit work at the company.\r\nPremera Blue Cross is the largest health-insurance provider in Washington state based on enrollment, and it has\r\nmore than 6 million current and former customers in the state who could be affected by the breach. The company\r\nsaid the hackers may have gained access to customer information dating back as far as 2002.\r\nThe company has started to mail letters to the approximately 11 million affected customers in Washington and\r\nelsewhere.\r\nSource: https://www.seattletimes.com/business/local-business/feds-warned-premera-about-security-flaws-before-breach/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"ETDA",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.seattletimes.com/business/local-business/feds-warned-premera-about-security-flaws-before-breach/"
	],
	"report_names": [
		"feds-warned-premera-about-security-flaws-before-breach"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434501,
	"ts_updated_at": 1775826696,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/20f58e5f55b3ec957330a6a793d1899c7e7081ac.pdf",
		"text": "https://archive.orkl.eu/20f58e5f55b3ec957330a6a793d1899c7e7081ac.txt",
		"img": "https://archive.orkl.eu/20f58e5f55b3ec957330a6a793d1899c7e7081ac.jpg"
	}
}