CareFirst BlueCross BlueShield Community Health Plan in Washington, D.C., was the victim of a data breach affecting 200,665 people and likely carried out by foreign cybercriminals.
The health plan, formerly Trusted Health Plan, said in a data notice that every current enrollee, current employee and former employee has been affected by the incident.
Seven details to know about the data breach:
- On Jan. 28, the health plan learned someone attacked its computer system and stole personal information.
- CareFirst informed the FBI and started an investigation with the help of cybersecurity company CrowdStrike.
- The investigation concluded a foreign cybercriminal group is likely responsible.
- Stolen personal health information for enrollees may include Social Security numbers, medical information, names and more.
- In response to the cyberattack, CareFirst isolated the affected computers. With CrowdStrike's assistance, CareFirst changed every password, monitored for signs of data misuse and found out how the attack happened to avoid future breaches.
- CareFirst said it stopped operations that share information with its business partners.
- It is offering free two-year membership to Experian's IdentityWorksSM to monitor possible misuse of personal data and detect identity theft threats.