Skip to main content

Up to 1.1 million customers affected by CareFirst data breach

For the third time this year, a major U.S. health insurer has suffered a security breach, comprising the information of over 1 million customers. CareFirst of the Blue Cross Blue Shield insurance family announced Wednesday that up to 1.1 million individuals, but current and former plan holders, may have been affected by the security breakthrough. Luckily, because only one database was accessed, it appears that the data hackers made away with was limited to names, email addresses, and birthdates. No social security numbers, medical records, or credit card numbers appear to have been leaked.

All affected accounts have since been blocked, and customers have been asked to create new usernames and passwords. Calling it a “sophisticated” attack, CareFirst President and CEO Chet Burrell said in a statement, “We deeply regret the concern this attack may cause. We are making sure those affected understand the extent of the attack – and what information was and was not affected.”

As per a company statement, “Members who created accounts on prior to June 20, 2014 are affected by this incident. CareFirst is mailing letters to all affected members and those affected should receive a notification letter in the next 1 to 3 weeks. Members who enrolled to use CareFirst online services on or after June 20, 2014 are not affected because their enrollment occurred after the date of the unauthorized access.” To assuage some fears, CareFirst will provide two free years of credit monitoring and identity theft protection to compromised plan holders.

Earlier this year, Anthem and Premera also reported hacks, and the three security breaches seem to share some commonalities. The Federal Bureau of Investigation (FBI) seems to address the issues as state-sponsored hackings, with China at the top of the suspect list. Dr. Larry Ponemon, the chairman of Ponemon Institute, told the New York Times, “A lot of health care organizations have been historically laggards for security.” And given the wealth of information stored by these companies, they are prime targets for malicious hackers.

For more information on how to proceed, visit

Editors' Recommendations