Cyber Attack Hits CareFirst BCBS
First it was Anthem, then Premera, and now another major Blues planCareFirst BlueCross BlueShieldhas been hacked and 1.1 million members in Maryland, Virginia and the District of Columbia are affected.
First it was Anthem, then Premera, and now another major Blues planCareFirst BlueCross BlueShieldhas been hacked and 1.1 million members in Maryland, Virginia and the District of Columbia are affected.
Limited personal information was involved in this attackfor instance, no member Social Security numbers, medical claims information or financial information was put at risk, Chet Burrell, president and CEO at CareFirst, said in a message to members. While this reduces the chance that your personal information will be used improperly, we are nonetheless offering our potentially affected members two years of free credit monitoring and identity theft protection services in order to ease your concerns about possible unauthorized use of your personal information.
Also See: Why Providers Need to Rethink Incident Response
Attackers accessed a single database, discovered during ongoing security work being done in the wake of other attacks on insurers, according to the company. Access to the database occurred in June 2014 and there is no evidence of prior or subsequent attacks, based on examinations by cybersecurity firm Mandiant.
Compromised information includes member-created usernames for the CareFirst website, member names, dates of birth, email addresses and subscriber identification numbers. However, CareFirst user names must be used in conjunction with a member-created password to gain access to underlying member data through CareFirsts website, according to the insurer. The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks.
Limited personal information was involved in this attackfor instance, no member Social Security numbers, medical claims information or financial information was put at risk, Chet Burrell, president and CEO at CareFirst, said in a message to members. While this reduces the chance that your personal information will be used improperly, we are nonetheless offering our potentially affected members two years of free credit monitoring and identity theft protection services in order to ease your concerns about possible unauthorized use of your personal information.
Also See: Why Providers Need to Rethink Incident Response
Attackers accessed a single database, discovered during ongoing security work being done in the wake of other attacks on insurers, according to the company. Access to the database occurred in June 2014 and there is no evidence of prior or subsequent attacks, based on examinations by cybersecurity firm Mandiant.
Compromised information includes member-created usernames for the CareFirst website, member names, dates of birth, email addresses and subscriber identification numbers. However, CareFirst user names must be used in conjunction with a member-created password to gain access to underlying member data through CareFirsts website, according to the insurer. The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks.
More for you
Loading data for hdm_tax_topic #care-team-experience...