CareFirst hack compromises info for 1.1 million consumers
CareFirst BlueCross BlueShield on Wednesday announced that it was the target of a cyberattack that compromised information of about 1.1 million current and former consumers, as well as individuals who conducted business with the company online. The attack was discovered last month during information technology security efforts conducted in the wake of other recent high-profile cyberattacks on fellow payers Anthem and Premera discovered earlier this year.
Unspecified attackers gained access to a single encrypted database in which CareFirst stores website access information on June 19, 2014, according to CareFirst. Compromised information includes consumer usernames for CareFirst's website, as well as names, birth dates, email addresses and subscriber identification numbers. No Social Security or financial information was stored in the database, and passwords also were not compromised.
CareFirst did not confirm who is responsible on its website, and could not comment when asked for clarification in a phone call.
Likewise, the Federal Bureau of Investigation could not clarify to FierceHealthITthe origin of the attacks due to the ongoing investigation. In a statement emailed toFierceHealthIT, the agency said it is working with the company to determine the nature and scope of the incident.