Jacksonville-based Florida Blue, part of Blue Cross Blue Shield, recently began notifying more than 30,000 members that their personal information was exposed during a cyber-spoofing attack on the payer's user database.
Florida Blue's IT security team on June 8 discovered numerous unauthorized login attempts to the Florida Blue online member portal, the company said in a June 30 notice. After investigating the activity, the team realized that Florida Blue had been targeted in a cyber-spoofing attack.
A hacker orchestrated the attack by using a large database of user identifiers and corresponding passwords available on the internet to impersonate members and gain improper access to Florida Blue's online member portal. The health insurer said the excessive number of login failures "strongly indicates that the ID and password combinations used during the incident did not come from Florida Blue systems, but rather were compiled from third-party websites where ID and password information were previously compromised," according to its online notice.
Florida Blue reported the breach to HHS on July 1 as affecting 30,063 individuals. Information exposed by the incident included members' contact details, claim and payment information and details about health insurance policies.
Florida Blue has rolled out new technical controls to improve its web portal security and is offering affected members two years of identity theft protection services.