CareFirst Breach Exposes Data on 1.1 Million Users

Health insurer CareFirst BlueCross BlueShield, a company covering customers in Maryland, Virginia and the District of Columbia, has been hacked and over 1 million customers are caught in the fray. The sophisticated cyberattack gave bad actors unauthorized access to a CareFirst database.

About 1.1 million current and former CareFirst members and people who registered to use the companyEUs Web sites before June 20, 2014 are impacted. CareFirst is sending out letters to notify affected parties and has promised two years of free credit monitoring and identity theft protection.

EUWe deeply regret the concern this attack may cause,EU said CareFirst President and CEO Chet Burrell. EUWe are making sure those affected understand the extent of the attack -- and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.EU

Layers of Protection

The attack was discovered as a part of its ongoing information technology security efforts in the wake of recent cyberattacks on health insurers, according to the company. CareFirst engaged cybersecurity firm Mandiant to conduct an end-to-end examination of its IT environment.

The findings reveal cyberattackers gained access to a single database where CareFirst stores data that members and others enter to access CareFirstEUs Web sites and online services. MandiantEUs findings suggests the attackers could have potentially acquired member-created user names to access CareFirstEUs Web site, as well as membersEU names, birth dates, e-mail addresses and subscriber identification number.

The good news is that Mandiant did not find evidence of any other attack before or after the June 2014 event or any evidence that other personal information was accessed.

Members may not ultimately...

Comments are closed.