HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

May
20

Health insurer says 1.1 million people affected in cyber attack

Email This Post Print This Post

CareFirst BlueCross BlueShield, a nonprofit health insurer that serves Maryland, Washington D.C. and northern Virginia, announced Wednesday it was targeted by a “sophisticated” cyber-attack, affecting 1.1 million people who are current or past members of CareFirst or who have done business with the company.

The May 20 statement on the CareFirst website explained the hackers “gained limited, unauthorized access to a single…database.” The intrusion was actually discovered in the midst of an exhaustive review the company was performing on its own IT security measures in the wake of recent cyber-attacks on other health insurers.

CareFirst said the review found cyber-attackers gained access to a database on June 20, 2014 that stores data members and other users enter to access CareFirst websites and online services. Only people who registered to use the online services before June 20 were affected.

The compromised database didn’t contain Social Security numbers, medical claims or other sensitive employment or financial information, according to the company, but the hackers may have acquired individual’s user names as well as members’ names, birthdates, email addresses, and subscriber identification numbers.

The corresponding passwords to those user names, however, are stored in a separate, fully encrypted system as a safeguard against such attacks, the company said. But “out of an abundance of caution,” member access to the affected accounts was blocked and those individuals will be asked to create new user names and passwords.

CareFirst is also offering two years’ worth of free credit monitoring and identity theft protection to anyone affected in the breach.

“We deeply regret the concern this attack may cause,” said CareFirst President and CEO Chet Burrell in the statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected.”

“Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information,” Burrell said.

Video courtesy of CareFirst BlueCross BlueShield.

Categories : Data Breach

Leave a Reply