Premera Blue Cross announced on Tuesday that it was targeted in a cyberattack that affected some 11 million people.
The hackers may have gained access to customer's personal data, including their social security numbers, mailing addresses and bank account information, the insurance company said, in a statement.
The attackers may have also gained access to claims information, including sensitive clinical data about its users. Victims of recent breaches in the healthcare system, including Anthem and hospital operator Community Health Systems, have said they believe the attackers did not access medical information, according to a Reuters report.
Premera said it has notified the FBI and is coordinating with its investigation into the attack. It's also working closely with Mandiant, a subsidiary of FireEye.
The company plans to offer two years of free credit monitoring and identity theft protection services to affected members.
Premera discovered the incident on Jan. 29, but said the initial attack occurred on May 5, 2014.
"As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people's information," Premera CEO Jeff Roe said in a statement.