Skip to main content 
CareFirst BlueCross BlueShield has announced that hackers breached the company’s data security measures and stole the personal information of 1.1 million current and former members.
If you are a current or former CareFirst member, your personal information may have been compromised. Contact Morgan & Morgan today to learn about your potential legal options.
The health insurance company issued a statement disclosing that hackers acquired members’ names, user names created to access the company’s website, birth dates, email addresses and subscriber identification numbers. The data breach did not affect medical information, passwords, Social Security numbers, or credit card information.
Following similar cyber attacks on health insurance companies Anthem and Premera, CareFirst hired Mandiant, a cyber security firm, to study the vulnerability of the company’s information technology systems. As part of this review, Mandiant discovered that a cyber attack occurred that resulted in unauthorized access to a CareFirst database on June 19, 2014.
Mandiant released a statement saying that the CareFirst cyber attack “was orchestrated by a sophisticated threat actor that we have seen specifically target the health care industry over the past year.”
According to cyber security expert Brian Krebs, “Nobody is officially pointing fingers at the parties thought to be responsible for this latest health industry breach, but there are clues implicating the same state-sponsored actors from China thought to be involved in the Anthem and Premera attacks.”
In announcing the data breach, CareFirst stated that, “all affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection.”
CareFirst, which offers health insurance to residents of Maryland and Washington, D.C., has created CareFirstAnswers.com to provide current and formers members with information about the data breach.