Blue Cross Blue Shield insurer CareFirst just reported that its network was victimized by hackers and about 1.1 million user information got compromised as a result of the intrusion. No password or financial details were accessed during the hack, said Chet Burrell, CareFirst President and CEO in a video address to the company's customers.
The non-profit insurer, which serves Maryland, Washington DC and northern Virginia, said the intrusion affected customers who registered with CareFirst on or before June 19, 2014.
The cyberattack is believed to have exposed user names, given names, birth days, email addresses and subscriber ID numbers. However, it's important to note what the hackers didn't obtain, stated Burrell.
"They did not gain access to your password that you also set up when you registered on our website," said Burrell. "And because they did not get access to that password, they were not able to see any of your underlying information about your medical claims, about your credit card information or social security number or any other information about you."
CareFirst is offering and encouraging customers to accept its two-year free credit monitoring as well as other services to help shield them from fraudulent use of any of their personal information.
The cyberattack affected only one of CareFirst's databases, the company stated. The company also spotted the intrusion early on and thought that it had it contained, but it appears that wasn't the case.
"Please understand that we are constantly investing in the security of your data," Burrell said. "And this is an ongoing effort by the company. We've called in one of the leading security firms, who was the firm that actually discovered this attack."
That firm is Mandiant, which was acquired by cyber-security firm FireEye last year for $1 billion in stocks and cash. Mandiant performed an end-to-end scan of all of CareFirst's systems and determined that the non-profit had suffered no additional intrusions.
CareFirst is the third Blue Cross Blue Shield insurer this year to report having suffered a cyberattack. Others included Premera Blue Cross -- which was hit with an attack that affected around 11 million people -- and Anthem, which was rocked by an intrusion that compromised the accounts of about 80 million individuals.
