CareFirst health insurer hacked: up to 1.1m customers affected

Recently we reported that the number of health care providers that have suffered some sort of breach sit at the 90-percent mark (over the last two years), and though some have taken steps to protect their networks, many are still vulnerable. Today it was announced that the health insurer CareFirst had been breached, making it the third in the United States to suffer such an attack (or, at least, to disclose as much). The attack took place in June of last year, and is said to have been sophisticated, affecting up to 1.1 million of the insurer's customers. The company is based in Maryland but services the Washington DC region.

CareFirst disclosed the attack today nearly a year after it took place. The information that the hackers accessed included email addresses, names, and birthdays. Fortunately, neither Social Security numbers or medical records were accessed, nor other similarly sensitive personal information.

Federal law enforcement officials were said to be "aware of the situation" by the New York Times, which says that a person aware of the matter revealed the detail. The FBI previously had some involvement in investigating the former hack that happened at Anthem, as well as Premera. CareFirst is a Blue Cross plan, as with the other two.

It isn't surprising that health providers and health insurers are targeted by hackers, and this likely won't be the last time we see this happen. Such entities hold a mass of personal details that can be sold off and used to hijack someone's identity.

SOURCE: The New York Times