CareFirst Blue Cross Blue Shield is the latest medical insurer to fall victim to a cyber attack. The company has issued a statement disclosing a data breach of one of its databases, which occurred in June 2014, and affects around 1.1 million CareFirst members.
This announcement marks the third time a major health insurer has identified a data breach since the beginning of 2015, following Anthem and Premera.
Hackers were able to gain access to a database that holding login data for CareFirst’s websites and online services. Member-created user names, birth dates, email addresses and subscriber identification numbers were exposed; but, no member Social Security Numbers, medical claims information or financial information was put at risk.
This is another example that not all breaches are being used to steal payment card details and that any organizations handling personal information for customers need to assume that they will be subject to a cyber attack in the future. Defending against attacks requires a multi-layered approach, and with as much emphasis on breach detection as defense.