CareFirst Reports Cyberattack Affecting 1.1 Million

Another 1.1 million individuals could potentially be affected by another cyberattack. CareFirst BlueCross BlueShield announced that it had been the target of a sophisticated cyberattack. The hackers gained access to a single database in June 2014, according to the company.

The attack was discovered as part of regular ongoing information technology security efforts that have been implemented in the wake of recent cyberattacks on health insurers. Earlier in 2015, Anthem and Premera Blue Cross both reported cyberattacks that had put the personal information of potentially 80 million and 11 million individuals, respectively, at risk.

The database that the CareFirst cyberattackers gained access to stores data that members and other individuals enter to access CareFirst’s websites and online services. A review by cybersecurity firm Mandiant found no indication of any other prior or subsequent attack or evidence that other personal information was accessed, CareFirst reported. The affected database did not contain Social Security numbers, medical claims, employment, credit card, or financial information.

The only information the attackers could have been potentially acquired was usernames, member names, birth dates, e-mail addresses, and subscriber identification numbers. However, CareFirst usernames must be used in conjunction with a password to gain access to underlying member data through CareFirst’s website and the database in question did not include these passwords in the event of such of cyberattack.

At the beginning of May, a study found that cyberattacks in healthcare have risen 125% in the last 5 years. Medical files can be worth up to $75 each on the black market, The Hill reported. More than 90% of healthcare entities have reported a data breach in the last 2 years, according to the survey.