Cyberattack exposes data of 1.1M CareFirst BCBS members: 6 things to know

CareFirst BlueCross BlueShield announced Wednesday it was the victim of a cyberattack that potentially compromised the data of millions, according to Reuters. Here are six things to know about the attack.

1. Nearly one-third of CareFirst's 3.4 million customers were affected. The attack compromised the data of 1.1 million past and current CareFirst members across the Mid-Atlantic region, where CareFirst is the largest payer.

2. Only limited personal information is at risk. The attackers accessed one database and may have acquired individual member usernames for CareFirst's website, in addition to names, birthdates, emails and member identification numbers, according to the report. They did not acquire Social Security numbers, medical claims, employment, credit card or financial information.

3. The attack occured in June 2014. The payer believed it had one unsuccessful attacking attempt last year, but decided to ramp up security following the attacks on Anthem and Premera, according to The New York Times. The June attack was discovered last month by Mandiant, the cybersecurity firm hired to conduct the review.

4. The intrusion is believed to have been "sophisticated." Mandiant, a subsidiary of Milpitas, Calif.-based FireEye, detected the attack after conducting an end-to-end examination of CareFirst's IT environment. In a statement to the Wall Street Journal, FireEye said, "The intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the healthcare industry over the past year." FireEye has also investigated other breaches and cyberattacks, including those affecting Anthem and Premera.

5. There is no indication of other attacks. The cyberattack appears to be a one-time only breach as Mandiant found no evidence of other successful attacks before or after the June intrusion, CareFirst said.

6. CareFirst is taking steps to protect users. The payer has contacted the FBI regarding the breach, according to CareFirst president and CEO Chet Burrell. Access to the accounts has been blocked and members have been asked to create new usernames and passwords. CareFirst will offer affected members free credit monitoring and identity theft protection for two years.

 

More articles on health IT:

EHR market share by practice size
Welltok acquires Predilytics
Digital innovation in full force, but talent lags behind: 4 key findings

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months