MINNEAPOLIS (AP) — Blue Cross Blue Shield of Minnesota is scrambling to improve its cybersecurity after an internal whistleblower raised concerns that the state’s largest health insurer has neglected thousands of important updates to its computer system.
The company’s top cybersecurity executive, Amy Ecklund, says the insurer has been working diligently in recent weeks to reduce its vulnerability for a cyber attack.
“We certainly understand that our members expect us to protect their most sensitive data, and we want them to know that we are committed every single day to doing just that,” Ecklund said in a statement emailed to the Star Tribune.
Internal documents show the company has allowed 200,000 vulnerabilities deemed “critical”or “severe” to linger for years on its computer systems, despite warnings to executives. Software patches were available in most cases to fix the issues.
Documents obtained by the newspaper show that cybersecurity engineer Tom Yardic met with executives as early as August 2018 to raise concerns that important patches weren’t getting done.
Blue Cross Blue Shield Minnesota insures 2.8 million people.