CareFirst Data Breach: Sensitive Information of Customers Leaked Online
For the third time in the past six years, cybercriminals have targeted CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC). The insurance provider had issued a written statement disclosing a data breach of one of its databases, which occurred on January 28.
CHPDC’s managed IT service provider alerted CHPDC of abnormal behavior impacting CHPDC systems. Considering the long relationship with cyber-attacks the insurance provider immediately decided to engage cybersecurity group CrowdStrike to identify the source of the leak and also notified both the FBI and the Office of the Attorney General for the District of Columbia.
Unfortunately, hackers were able to gain access to a database and stole sensitive information including names, addresses, contact numbers, date of birth, Medicaid identification numbers. After the examination, CHPDC suggested the attack was likely carried out by a ‘sophisticated, foreign cybercriminal gang’ and it was premature to say how many clients had been affected.
“We’ve taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees. We’re angry and troubled that anyone would target our enrollees. We’re taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available,” George Aloth, CEO of CHPDC, stated.
The company has decided to provide free two-year credit, identity theft monitoring, and a website with information on data breaches to all the enrolled clients who were affected due to this data breach.
The 2014 cyber-attack on CHPDC was one of the largest healthcare breaches ever reported, nearly 1.1 million customers were affected. Threat actors targeted a single database that contained information about CareFirst members and others who accessed its websites and services. CareFirst learned of the data breach on April 21, 2015, nearly one year later after they hired Mandiant, a leading cybersecurity company.
In October 2020, the FBI, The Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) alerted that cybercriminals were stepping up ransomware attacks on health sector groups as the organizations were involved in Covid-19 treatment and research.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
