On Wednesday, May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that it has been the target of a sophisticated cyber attack. The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of recent cyber attacks on health insurers. CareFirst engaged Mandiant – one of the world’s leading cyber security firms – to conduct an end-to-end examination of its IT environment.
This review included multiple, comprehensive scans of CareFirst’s IT systems for any evidence of a cyber attack. The review determined that in June 2014 cyber-attackers gained access to a single database in which CareFirst stores data that members and other individuals enter to access CareFirst’s websites and online services. Mandiant completed its review and found no indication of any other prior or subsequent attack or evidence that other personal information was accessed.
The attack affects approximately 1.1 million CareFirst members who registered to use CareFirst online services through www.carefirst.com. In addition, the attack specifically impacts brokers who registered online to do business with CareFirst prior to June 20, 2014. The company said its cyber-security team thought it had fended off the attack at the time, but a recent review discovered that the attackers had gained access to the usernames that customers created on its Web site as well as their real names, birth dates, e-mail addresses and subscriber identification numbers. According to Carefirst, no passwords were compromised
Affected members will be contacted by Carefirst in the next 7-10 days and will be offered the protection of two free years of credit monitoring and identity theft protection.
Please click this link for more information