Health Insurer CareFirst Latest Hack Victim

CareFirstBCBS21More than 1.1 million current and former members of CareFirst BlueCross BlueShield are among the latest victims of a cyberattack, the health insurer confirmed this week.

Reuters reports that CareFirst, which offers insurance in several areas of the East Coast, suffered a data breach nearly a year ago.

The company says the June 2014 hack was only recently discovered while CareFirst was undergoing a security refresh initiated after a string of high-profile breaches at other insurance providers.

The cyberattackers reportedly accessed one of the insurer’s databases, potentially acquiring user names for CareFirst’s website, names, birth dates, email addresses and member identification numbers.

In addition to actual CareFirst members, the breached database may include information about non-members who simply access the insurer’s websites and online services.

For now, CareFirst says it has blocked member access to those accounts and requested that all members create new user names and passwords.

CareFirst’s data hack is just the latest in a series of health insurer breaches. Back in March, Pacific Northwest-based Premera Blue Cross announced that information for 11 million consumers was compromised during an attack.

Before that, in February, Anthem – the owner of BlueCross and BlueShield – suffered a massive breach that affected more than 78 million consumers.

CareFirst says cyberattack stole data of 1.1 mln users in U.S. [Reuters]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.