CareFirst Health Insurer Hacked; Breach Could Expose 1.1M Customers Information

CareFirst health insurer, a Blue Cross Blue Shield plan disclosed Wednesday that the company is the third health insurer in the United States to fall victim to hackers who breached into their computer systems, potentially stealing the information of 1.1 million customers.

CareFirst disclosed the breach Wednesday, stating that hackers may have potentially stolen 1.1 million customers data including names, email addresses and birthdates, but assured customers hackers did not gain access to sensitive information including financial or medical data, or even worse Social Security Numbers and credit card information.

CareFirst’s chief executive, Chet Burrell, said the company has contacted the Federal Bureau of Investigation (FBI) who is currently investigating the sophisticated attack. Federal officials reviewed both Anthem and Premaera health insurers following their security breaches earlier in the year.

Whether or not the attacks were connected remains unclear, Burrell said, but the company was hacked by criminals with the intent to steal information.

Federal investigators have yet to release information on how both Anthem and Premera Blue Cross attacks were perpetrated, but several investigators briefed on the case believe China is the main culprit. Anonymous officials said there are indicators that Anthem, Premera and now CareFirst have common attack patterns.

Mandiant security firm’s managing director, Charles Carmakal, told the New York Times that the CareFirst breach “was orchestrated by a sophisticated threat actor that we have seen specifically target the health care industry over the past year.”

Anthem’s record breaking breach was extremely severe, when the personal information of some 79 million customers was stolen by hackers. Similarly, Premera Blue Cross was hit by a severe attack weeks later, leading to hackers compromising over 11 million customers data. Anthem reported hackers may have stolen Social Security Numbers but did not gain access to any medical records. Premera on the other hand confirmed medial and bank information was stolen by hackers.

Maryland-based Carefirst said it was aware of one attack last year but believed criminals were unsuccessful. Following the ongoing attacks on health insurers, Burrell created a task force dedicated to analyzing company vulnerabilities, it was when he contacted security firm Mandiant, to perform a forensic review of CareFirst’s systems did it identify a breach. As of last month, Mandiant disclosed the initial breach occurred in June 2014.

Hackers motive remains unclear in these types of cases, however its traditionally carried out by a group of criminals or foreign governments targeting intelligence-gathering.

Thus far, there is close to zero evidence that information stolen from Anthem and Premera ever made its way to the black market. This suggests hackers are strictly targeting critical health care records for information gathering.

CareFirst said the federal investigation is ongoing but confirmed CareFirst members who do business with their online portal or registered on the website prior to June 20, 2014 are affected in the CareFirst breach. The company confirmed over 1.1 million members information could be at risk.

“We deeply regret the concern this attack may cause,” said CareFirst President and CEO Chet Burrell. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”