A phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have comprised nearly 6,800 members' personal data, the company said March 30.
The insurer learned March 12 one of its employees fell victim to a phishing email that comprised his or her email account. The hacker used the email account to send spam messages to an email list of individuals not associated with CareFirst.
Although hackers sent emails to people not associated with CareFirst, the hackers could have potentially accessed the personal information of 6,800 CareFirst members, including names, member identification numbers, date of birth and, in eight cases, Social Security numbers. No medical or financial information was compromised.
CareFirst launched an investigation into the incident. A forensic analysis of its systems showed no evidence of malware in the phishing email or spam, and no other suspicious activities were detected.
There is no evidence any of the CareFirst member data has been misused, but as a precaution, CareFirst is offering affected members free credit monitoring and identity theft protection for two years.
More articles on payer issues:
Walmart reportedly in early-stage talks to buy Humana: 5 things to know
Aetna to pass drug discounts on to consumers: 4 things to know
Allina Health, Aetna pick former Molina president to lead joint health plan: 3 things to know