CareFirst insurance hack exposes 1.1 million customer records.

Health Insurer Upgrading Security to Prevent Hack Discovers It Was Already Breached

Health Insurer Upgrading Security to Prevent Hack Discovers It Was Already Breached

Future Tense
The Citizen's Guide to the Future
May 21 2015 4:15 PM

1.1 Million Customer Records Compromised in CareFirst Insurance Hack

woof
We just can't win.

Photo from Rachel Griffith/Shutterstock

For CareFirst BlueCross BlueShield, the road to hell was paved with good intentions. Recently, while making cybersecurity upgrades, the company discovered that it had actually already been breached—in June 2014.

1.1 million current and former customers were affected by the hack, and CareFirst has 3.4 million current customers. The company, which offers coverage in Washington D.C., Virginia, and Maryland, says that hackers compromised one of its databases and may have had access to user names, member IDs, legal names, birthdays, and email addresses. Medical records, credit card numbers, and social security numbers weren’t affected.

Advertisement

Cybersecurity consulting firm Mandiant did not find evidence of other breaches on the CareFirst network, according to the insurer. The company is forcing all affected users to set up new accounts (new user names and passwords) and is offering two free years of credit monitoring. The incident isn’t on the scale of the Anthem breach, disclosed in February, which affected 80 million customers, but it shows that even companies taking action to protect themselves may be behind the curve.

Future Tense is a partnership of SlateNew America, and Arizona State University.