All affected accounts have since been blocked, and customers have been asked to create new usernames and passwords. Calling it a “sophisticated” attack, CareFirst President and CEO Chet Burrell said in a statement, “We deeply regret the concern this attack may cause. We are making sure those affected understand the extent of the attack – and what information was and was not affected.”
As per a company statement, “Members who created accounts on http://www.carefirst.com prior to June 20, 2014 are affected by this incident. CareFirst is mailing letters to all affected members and those affected should receive a notification letter in the next 1 to 3 weeks. Members who enrolled to use CareFirst online services on or after June 20, 2014 are not affected because their enrollment occurred after the date of the unauthorized access.” To assuage some fears, CareFirst will provide two free years of credit monitoring and identity theft protection to compromised plan holders.
Earlier this year, Anthem and Premera also reported hacks, and the three security breaches seem to share some commonalities. The Federal Bureau of Investigation (FBI) seems to address the issues as state-sponsored hackings, with China at the top of the suspect list. Dr. Larry Ponemon, the chairman of Ponemon Institute, told the New York Times, “A lot of health care organizations have been historically laggards for security.” And given the wealth of information stored by these companies, they are prime targets for malicious hackers.
For more information on how to proceed, visit carefirstanswers.com.
