Close this search box.

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.


State senator asks Excellus to provide answers to victims of breach

New York State Sen. Michael Nozzolio (R–Fayette) wants Excellus BlueCross BlueShield to provide answers to its customers following the breach that the health-insurance company reported on Sept. 9.

The breach may have affected the personal information of about 7 million Excellus customers. The same attack may have impacted an additional 3.5 million customers of additional affiliates of the Lifetime Healthcare Companies, Excellus’ parent company.

In a four-page letter to Christopher Booth, president and CEO of Excellus, Nozzolio said that Excellus’ public response “has not been sufficiently transparent, nor comprehensive.”


7 Cyber Security Essentials to Check Off

By Bogdan Bagovskyy vCIO Along with back-to-school season, Halloween decorations hitting the shelves, and the beloved pumpkin spice latte making its reappearance, there’s another often-overlooked event this fall: National Cybersecurity

Read More

Nozzolio’s district includes six counties with “thousands” of Excellus customers, the lawmaker wrote.

Rochester–based Excellus is Central New York’s largest health insurer.

“Victims of this cyberattack simply have not been provided with adequate information about the scope and nature of the unauthorized access of their confidential personal and medical, nor have they been assured all necessary steps are being taken to prevent this from happening again,” Nozzolio wrote.

Nozzolio’s letter also asked Excellus to address eight questions about the breach.

For example, the lawmaker wondered how “such an extensive security lapse was able to exist undetected for nearly two years.”

Excellus indicated the initial attack happened Dec. 23, 2013, but it didn’t learn of the security breach until Aug. 5 of this year.

Nozzolio also wondered how the cybersecurity firm that Excellus retained discovered the attack and asked whether it pursues “periodic vulnerability assessments and penetration testing” prior to the attack. The state senator also asked for the status of the investigation into the breach and what it has uncovered about impacts on affected customers.

The lawmaker wants Excellus to clarify what groups of people and organizations are included in “others who have done business with the impacted plans,” which the health insurer referenced in its Sept. 9 news release on the cyber attack.


Contact Reinhardt at


Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Essential business news, thoughtful analysis and valuable insights for Central New York business leaders.

Copyright © 2023 Central New York Business Journal. All Rights Reserved.