About a year ago hackers gained access to a database with about 1.1 current and former CareFirst BlueCross Blue Shield members’ names, birth dates and other personally identifiable information.
The health insurer serving Maryland, the District of Columbia and portions of Virginia said in a statement that cyberattackers accessed usernames to get the personal information–a discovery found after the company hired Mandiant to examine its IT environment following a recent spate of attacks on health insurers.
This would seem to suggest the attack was similar to that against Premera and Anthem, tha nation’s second-largest health insurer. Cybersecurity firm ThreatConnect said the hacking of Anthem was China-based. It exposed the information of nearly 80 million people. Brian Krebs of KrebsOnSecurity has reported the Anthem breach occurred soon after a malware campaign was made to mimic Anthem’s domain names at the time of the breach. Anthem was known as WellPoint prior to this year.
“The Anthem breach exposes the insidious reality of modern Chinese cyber espionage as it continues its unrelenting strikes at the soft underbelly of the American way of life,” said ThreatConnect in its report.
Related News: Prescription for trouble: healthcare industry faces rising risk, rising losses
“We are making sure those affected understand the extent of the attack – and what information was and was not affected,” said CareFirst CEO Chet Burrell. All affected members will be receiving a notification letter. “Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”
CareFirst said its usernames “must be used in conjunction with a member-created password to gain access to underlying member data through CareFirst’s website.
“The database in question did not include these passwords because they are fully encrypted and stored in a separate system as a safeguard against such attacks. The database accessed by attackers contained no member Social Security numbers, medical claims, employment, credit card, or financial information.”
Mandiant completed its review and found no indication of any other prior or subsequent attack or evidence that other personal information was accessed.
In an interesting step, CareFirst said the notification letters will have an activation code to enroll in credit-monitoring and identify theft protection, and affected accounts will be deactivated until members create new usernames and passwords.