Cyber criminals have, once again, targeted the health insurance industry in yet another data breach, compromising nearly 1.1 million records of CareFirst BlueCross BlueShield current/former members.
Carefirst, based in Baltimore, Md., is responsible for providing nearly 3.4 million Americans in Maryland, Northern Virginia and Washington D.C. with health insurance and services. While it is not believed the hackers had access to social security numbers, medical claims, or financial account information, CareFirst will still be offering two years of free credit monitoring, as well as identity theft protection to those included in the data breach.
According to the investigation by cybersecurity firm Mandiant, the CareFirst data breach occurred in June 2014 when hackers gained access to a database containing member names, usernames, birth dates, email addresses and subscriber ID numbers. Not only did the database include information for current and former members of CareFirst, but even people who had done business with CareFirst.
Chet Burrell, CareFirst CEO and President, released the following statement regarding the CareFirst data breach:
“Cyberattacks on businesses have, regrettably, become all too common. We understand that news of a cyberattack on [CareFirst] is a cause of concern for our members and others with whom we do business. Maintaining the privacy and security of our members’ personal information is one of our highest priorities.”
There have been three massive health insurance-related data breaches thus far this year. In February, Anthem Health Insurance announced a “very significant” data breach against approximately 80 million of its customers. In March, Premiere Blue Cross also suffered from a cyberattack, compromising the personal information of nearly 11 million customers.
Neither Mandiant nor CareFirst has released any information about who may have been responsible for the cyberattack.