CareFirst, a large U.S. healthcare insurer reveals that a recent cyber-attack resulted in a hack that compromised the personal information and privacy of 1.1 million customers.
Joining the ranks of other healthcare providers such as Premera, Community Health Systems and Anthem, Carefirst has disclosed that data belong to 1.1 million CareFirst customers have been compromised as a result of the data breach it suffered. Altogether, the non-profit group has 3.4 million members, predominantly located in Maryland, Northern Virginia and Washington D.C.
“We were the subject of a cyberattack,” said a glum looking Chet Burrell, CareFirst’s CEO and President, in a video posted on CareFirst’s website.
The 2014 hack.
After a spree of cybersecurity attacks against healthcare providers, CareFirst commissioned Mandiant, a cyber-security firm and security contractor to do “a comprehensive, proactive assessment” of the company’s information systems, data servers and networks. It was during this review that led to the discovery of the breach that may have very well gone unnoticed without the company reviewing its own networks.
CareFirst revealed that customer names, their user names, email addresses, dates of birth and subscriber ID numbers are likely to have been stolen by the hackers responsible for the breach. The healthcare insurer stressed that the breached database did not include healthcare records, Social security numbers, medical claims or financial information. It also added that member passwords were encrypted to begin with and kept on a separate system that wasn’t breached.
The damages caused.
Upon the completion of Mandiant’s investigation of the breach, officials said that the hackers accessed a single database that stored data which was regularly accessed by members via CareFirst’s websites and other online services. The victims of the breach are current and former CareFirst customers who created their profiles on or before the 20th of June, 2014, on the healthcare insurer’s website.
As a consequence, CareFirst has blocked all compromised member accounts and members will be given instructions on how to create new user names and passwords to log into their accounts.
“We deeply regret the concern this attack may cause. We are making sure those affected understand the extent of the attack – and what information was and was not affected,” noted Chet Burrell.
“Please understand we are constantly investing in security of your data,” he added.
FBI (Federal Bureau of Investigation) spokeswoman Amy revealed that the agency is investigating the hack and working in tandem with CareFirst.
“Similar to other recent intrusions, this incident underscores the importance of rapidly notifying law enforcement once a breach has been detected, as doing so allows the FBI to quickly deploy our cyber experts to preserve evidence and work with incident responders to help recover their networks,” she said in a statement. “Cybercrime remains a significant threat, and the FBI will continue to devote substantial resources and efforts to bringing cyber criminals to justice.”
CareFirst is offering two free years of credit monitoring and identity theft protection to the 1.1 million affected customers, the company said.