Cyber Incident Victim: KERN Agency
Date:
Jun 2023
Location:
United States of America
Summary
A cybersecurity incident involving KERN Agency, a vendor of Premera Blue Cross, resulted from a vulnerability in its MOVEit software that enabled unauthorized access and exfiltration of stored files containing protected health information of some Medicare Advantage members. The attackers did not compromise claims data, financial details, or Social Security numbers. KERN contained the breach with no further system compromise, and the affected members were notified while the health plan collaborates with the vendor to implement remediation measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 3, 2023, KERN Agency, a creative strategy vendor for Premera Blue Cross, notified Premera of unauthorized access and data exfiltration stemming from a vulnerability in KERN’s MOVEit software. The breach impacted stored files containing protected health information belonging to Premera Blue Cross Medicare Advantage (HMO) members. KERN confirmed the compromise was isolated to this incident, with no evidence of further system access after containment and mitigation measures were implemented. The attackers exploited a specific weakness in the MOVEit application but did not access claims data, financial information, or Social Security numbers. Premera clarified the breach originated within KERN’s systems, not Premera’s infrastructure.
Premera Blue Cross initiated member notifications via mailed correspondence following confirmation of the incident’s scope. The organization emphasized vigilance in monitoring credit reports despite the absence of exposed financial identifiers. Remediation efforts involved collaboration between Premera and KERN to address security gaps, though specific technical corrective actions were not disclosed. A dedicated phone line (888-850-8526) operated Monday through Friday, 8 a.m. to 8 p.m. PT, was established for member inquiries. The breach exclusively affected Medicare Advantage plan members under Premera’s coverage, with no reported impact on commercial or other health plan enrollees. KERN’s prompt containment and Premera’s transparent notification reflected a coordinated response to mitigate potential member harm.