Feds warned Premera Blue Cross about security flaws

SEATTLE — Three weeks before hackers infiltrated Premera Blue Cross, federal auditors warned the company that its network security procedures were inadequate.

Officials gave 10 recommendations for Premera to fix problems, saying some of the vulnerabilities could be exploited by hackers and expose sensitive information. Premera received the audit findings on April 18 last year, according to federal records.

The company disclosed Tuesday that a breach occurred on May 5, potentially exposing Social Security numbers, addresses, bank account information, medical information and more for 11 million customers.

Premera didn’t respond to the audit findings until June 30 and said at the time it had made some changes and planned to implement others before the end of 2014.

The company, based in Mountlake Terrace, said it didn’t discover the breach until January of this year and didn’t disclose it until this week so it could secure its information technology systems first.

Premera spokesman Eric Earling said the audit, conducted by the U.S. Office of Personnel Management, was routine. He said the company worked to address the issues raised and that the vulnerabilities described in the audit may not have been exploited by the hackers.

“We believe the questions OPM raised in their routine audit are separate from this sophisticated cyberattack,” Earling said. He declined to discuss details of the hack, citing an ongoing FBI investigation.