CareFirst BlueCross BlueShield has announced that they suffered a cyberattack affecting 1.1 million current and former members.
The hack, which took place on June 19, 2014, may have exposed users’ names, birth dates, email addresses, and subscriber identification numbers. However, the insurer stated that the affected database did not contain “social security numbers, medical claims, employment, credit card or other financial information.”
Following previous large scale health insurance cyber attacks (Anthem), CareFirst called in cybersecurity firm Mandiant to look at their IT systems, which is when they uncovered evidence of an attack. According to CareFirst CEO Chet Burrell, “the attackers ascertained a ‘limited amount of information’, and that the information was ultimately useless without corresponding passwords for each username, which were kept in a separate, unaffected database.” However, he added that the attack was sophisticated enough to evade their defenses.
The company has notified members registered online and “affected customers have also had their usernames and passwords disabled, and will be eligible for two years of credit and personal identity monitoring by the company.”