The health plan, formerly Trusted Health Plan, said in a data notice that every current enrollee, current employee and former employee has been affected by the incident.
Seven details to know about the data breach:
- On Jan. 28, the health plan learned someone attacked its computer system and stole personal information.
- CareFirst informed the FBI and started an investigation with the help of cybersecurity company CrowdStrike.
- The investigation concluded a foreign cybercriminal group is likely responsible.
- Stolen personal health information for enrollees may include Social Security numbers, medical information, names and more.
- In response to the cyberattack, CareFirst isolated the affected computers. With CrowdStrike’s assistance, CareFirst changed every password, monitored for signs of data misuse and found out how the attack happened to avoid future breaches.
- CareFirst said it stopped operations that share information with its business partners.
- It is offering free two-year membership to Experian’s IdentityWorksSM to monitor possible misuse of personal data and detect identity theft threats.
More articles on cybersecurity:
Adventist Health fined $40K over medical records storage unit exposure
Healthcare law firm data held ransom, affecting 420,000
10 most common passwords in 2021
