Blue Cross Blue Shield of Minnesota scrambles to improve security

Published 8:41 pm Monday, December 16, 2019

MINNEAPOLIS — Blue Cross Blue Shield of Minnesota is scrambling to improve its cybersecurity after an internal whistleblower raised concerns that the state’s largest health insurer has neglected thousands of important updates to its computer system.

The company’s top cybersecurity executive, Amy Ecklund, said the insurer has been working diligently in recent weeks to reduce its vulnerability for a cyber attack.

“We certainly understand that our members expect us to protect their most sensitive data, and we want them to know that we are committed every single day to doing just that,” Ecklund said in a statement.

Email newsletter signup

Internal documents show the company has allowed 200,000 vulnerabilities deemed “critical”or “severe” to linger for years on its computer systems, despite warnings to executives.

Software patches were available in most cases to fix the issues.

Documents obtained show that cybersecurity engineer Tom Yardic met with executives as early as August 2018 to raise concerns that important patches weren’t getting done.

Blue Cross Blue Shield Minnesota insures 2.8 million people.