BREAKING NEWS: Health insurer CareFirst BlueCross BlueShield disclosed today that hackers gained access to one of its databases, exposing personally identifiable information for approximately 1.1 million people.
According to a statement on CareFirst’s website, the breach was discovered “as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of recent cyberattacks on health insurers.” This review, according to CareFirst, uncovered a single, unauthorized access to one of its databases in June 2014. The database apparently contained the member-created user names created by individuals to access CareFirst’s website, as well as members’ names, birth dates, email addresses and subscriber identification numbers. According to CareFirst, passwords for these usernames were not compromised, as they are encrypted and stored in a separate database. CareFirst has also stated that the “database accessed by attackers contained no member Social Security numbers, medical claims, employment, credit card, or financial information.”
This most recent large-scale breach is emblematic of 2015’s trend of a continuingly high frequency of data breach incidents in the healthcare sector and an increase in the total number of records lost. In fact, the Identity Theft Resource Center’s year-to-date 2015 data indicates that the medical and healthcare industry is suffering one of the highest frequencies of reported data breach incidents (111 incidents, or 36.5%, which is second only to the business sector’s 118 incidents, or 38.8%). Furthermore, and more troubling, the healthcare industry is also experiencing the highest number of total records lost (99,559,037 records lost or 97.7% across all sectors). It is notable that these statistics were as of yesterday, before CareFirst’s announcement of an additional 1.1 million records lost.