The Strategist

Carefirst discloses data breach

05/21/2015 - 08:36

Carefirst discloses data breach
American healthcare insurer CareFirst BlueCross BlueShield has disclosed that its website was hacked and the breach would possibly affect about 1.1 million customers.
It is revealed that the attack targeted a single database that contained information on customers as well as those who accessed its websites. The breach happened in June last year. The nonprofit company has around 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia. The information which could have been stolen include customer names, birth dates, user names, email addresses and subscriber ID numbers. It was revealed during a later investigation on the attack that other sensitive data including Social Security numbers, medical claims or financial information were not taken from the trove.
Medical companies and Insurance agencies have increasingly become the target of well-organized hack attacks. Medical information is considered as highly valuable asset in the hacking domain. This is also the third time in the recent past that an Insurer has been targeted by hackers.

In the past, Anthem, formerly known as Wellpoint, disclosed a breach that would have affected 78.4 million records. The breach allegedly exposed names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, as well as some employee records and income levels. Premera Blue Cross also announced that bank accounts and clinical data of its users have been breached in an attack that would have affected an estimated 11 million people.
Carefirst is offering two years of free credit monitoring to those affected, who will be notified by letter. Some online accounts have been blocked and members will be prompted to create new user names and passwords. The company came to know about the breach only when an independent consultant scanned the systems as a routine method to identify breaches.