Health insurer CareFirst reveals cyberattack affecting 1.1 million

The breach is the third one disclosed this year by a large health insurer

CareFirst BlueCross BlueShield member ID card


A large US health insurer, CareFirst BlueCross BlueShield, has disclosed it fell victim to a cyberattack that affected about 1.1 million people.

The attack, which occurred in June last year, targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday.

The nonprofit has 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia.

"We were the subject of a cyberattack," a somber-looking Chet Burrell, the company's CEO, says in a video posted to its website.

CareFirst said customer names, birth dates, user names, email addresses and subscriber ID numbers may have been stolen. The database did not contain Social Security numbers, medical claims or financial information, it said. And member passwords were encrypted and stored in a different system, CareFirst said.

The disclosure marks at least the third time this year that a large health insurance company has reported a data breach, and experts warn that medical records are increasingly sought by hackers.

Anthem, formerly known as Wellpoint, said in February that upwards of 78.4 million records were at risk after hackers accessed one of its databases. The breach exposed names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, as well as some employee records and income levels.

Five weeks after Anthem's disclosure, Premera Blue Cross said information including bank accounts and clinical data going back to 2002 may have been compromised in an attack that affected up to 11 million people.

Medical records are valuable for cybercriminals, who may use the information for fraud, or for more sophisticated purposes, such as nation-state spying.

Computer security experts have said the attacks against Anthem and Premera appeared to use similar tactics. In both cases, experts found evidence that the attackers set up domain names that slightly misspelled the company's names.

Those fake websites may have been used to spoof legitimate internal services offered by the companies in an attempt to steal login credentials that would yield access to their systems. CrowdStrike, which analyzes malware attacks, has said such tactics have been used by a suspected China-based group nicknamed Deep Panda.
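Defenders can look for this pattern in DNS or proxy logs. The following is an added example, not part of the original article: it flags observed domains whose name is a confusable-character or one-edit variant of a protected domain. The domain `examplehealth.com` and every observed name are constructed placeholders.

```python
PROTECTED = {"examplehealth.com"}  # hypothetical legitimate domain (constructed)
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]  # visual swaps

def skeleton(label):
    """Fold visually confusable sequences to one canonical form."""
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label

def edit_distance(a, b):
    """Levenshtein distance using two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_label(domain):
    """Label left of the TLD (simplified: ignores suffixes like co.uk)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(domain, protected=PROTECTED, max_distance=1):
    """Return 'legitimate', 'other-tld', 'homoglyph', 'typo' or None."""
    d = domain.lower().rstrip(".")
    if any(d == p or d.endswith("." + p) for p in protected):
        return "legitimate"
    label = name_label(d)
    for p in protected:
        brand = name_label(p)
        if label == brand:
            return "other-tld"
        if skeleton(label) == skeleton(brand):
            return "homoglyph"
        if edit_distance(label, brand) <= max_distance:
            return "typo"
    return None

def lookalikes(observed):
    """Map each suspicious domain to the reason it was flagged."""
    reasons = {d: classify(d) for d in observed}
    return {d: r for d, r in reasons.items() if r not in (None, "legitimate")}

# Constructed sample of domains seen in DNS logs, not real indicators.
OBSERVED = ["portal.examplehealth.com", "login.examp1ehealth.com",
            "exarnplehealth.com", "examplehelth.com", "weather.example.org"]
if __name__ == "__main__":
    print(lookalikes(OBSERVED))
```

Flagged names are candidates for review and blocking, not confirmed malicious; a one-edit threshold can also match unrelated short names.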

CareFirst did not indicate who might be behind its breach, but said the FBI was notified.

CareFirst's breach was uncovered last month by Mandiant, the investigative services branch of computer security company FireEye. It was hired to scan CareFirst's systems in light of the attacks against other health insurers.

The company is offering two years of free credit monitoring to those affected, who will be notified by letter. Some online accounts have been blocked and members will be prompted to create new user names and passwords.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Jeremy Kirk

IDG News Service