CareFirst, a Blue Cross Blue Shield plan serving the Washington D.C. metro area, became another in a line of health insurers to suffer a data breach as a result of hackers. CareFirst and the FBI are examining the breach which potentially compromised 1.1 million customers. The company reports that although the hackers gained access to customer names, email addresses, and birth dates, they did not obtain sensitive financial or medical information, such as member Social Security Numbers, medical claims information or financial information. Affected customers are being offered two years of free credit monitoring and identity-theft protection services.
CareFirst stated that it discovered this breach as a result of the company’s ongoing security efforts in the wake of recent health industry cyberattacks. After discovering that cyberattackers had gained access to a database in which CareFirst stores data on members used to access CareFirst’s online services, the company hired cybersecurity firm Mandiat. Mandiat found evidence that the cyberattack occurred in June 2014 and that no additional attacks occurred.
This incident again highlights the ongoing efforts that companies, particularly those in the health industry, must take to protect against and responding to cyberattacks.