Health insurer CareFirst reveals cyberattack affecting 1.1 million

The breach is the third one disclosed this year by a large health insurer

CareFirst BlueCross BlueShield member ID card

CareFirst BlueCross BlueShield member ID card

A large US health insurer, CareFirst BlueCross BlueShield, has disclosed it fell victim to a cyberattack that affected about 1.1 million people.

The attack, which occurred in June last year, targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday.

The nonprofit has 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia.

"We were the subject of a cyberattack," a somber looking Chet Burrell, the company's CEO, says in a video posted to its website.

CareFirst said customer names, birth dates, user names, email addresses and subscriber ID numbers may have been stolen. The database did not contain Social Security numbers, medical claims or financial information, it said. And member passwords were encrypted and stored in a different system, CareFirst said.

The disclosure marks at least the third time this year that a large health insurance company has reported a data breach, and experts warn that medical records are increasingly sought by hackers.

Anthem, formerly known as Wellpoint, said in February that upwards of 78.4 million records were at risk after hackers accessed one of its databases. The breach exposed names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, as well as some employee records and income levels.

Five weeks after Anthem's disclosure, Premera Blue Cross said information including bank accounts and clinical data going back to 2002 may have been compromised in an attack that affected up to 11 million people.

Medical records are valuable for cybercriminals, who may use the information for fraud, or for more sophisticated purposes, such as nation-state spying.

Computer security experts have said the attacks against Anthem and Premera appeared to use similar tactics. In both cases, experts found evidence that the attackers set up domain names that slightly misspelled the company's names.

Those fake websites may have been used to spoof legitimate internal services offered by the companies in an attempt to steal login credentials that would yield access to their systems. CrowdStrike, which analyzes malware attacks, has said such tactics have been used by a suspected China-based group nicknamed Deep Panda.

CareFirst did not indicate who might behind its breach, but said the FBI was notified.

CareFirst's breach was uncovered last month by Mandiant, computer security company FireEye's investigative services breach. It was hired to scan CareFirst's systems in light of the attacks against other health insurers.

The company is offering two years of free credit monitoring to those affected, who will be notified by letter. Some online accounts have been blocked and members will be prompted to create new user names and passwords.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags CareFirst BlueCross BlueShieldsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?